Published 9 months ago with 1 Comments
  • ohtwenty
    +5

    I came across the Tweet and it has raised a pretty good point on responsible disclosure, Apple's attitude towards support (and putting iOS first - e.g. making a bug bounty programme for iOS but none for macOS), and general 0-day shenanigans. See the Hacker News thread for an in-depth but technical discussion.

    Most important take-away: disabling root is not enough: if there's no root account (and/or you've disabled it) entering a new user root with a blank password will just create a root account. Or as your article mentions:

    This makes four -- count them, four -- password-related security problems since High Sierra was released in September.

    Which is why people (for example, in the Hacker News thread) have a few speculations about what Apple's up to. Because this doesn't just mean if someone's logged in you can access anything locked by root account (e.g. everything private), but even if they're not logged in you're able to log in as a new user, and get access to pretty much everything!
