Apple vulnerability: root login without password possible
Click here to post a comment for Apple vulnerability: root login without password possible on our message forum
rl66
Even more when the new mercedes pick up is a dacia/renault/nissan in desguise.
It is nice to see more people exploring Mac's security fail.
Apple have tried so many time the famous jedi trick on consumer:
"this is not the droid we are searching for"... oups i mean "your mac can't be hacked and is invulnerable to virus"
CrazY_Milojko
This is a freaking nightmare for admins...
Situation today after some random kid came home from school:
mom: "...hi dear, anything new at school today..."
kid: "...meh, nothing much... got few A's... owned few apples..."
mom: "...good boy! hope they tasted good..."
kid: "...oh well... forget it mom..."
Prince Valiant
Gold star for security, Apple.
Fender178
Way to go Apple. Makes me wonder if there is a similar vulnerability in Linux as well since Mac OS and Linux share some similarities. Also make me wonder on how long it will take Apple to fix this because in the past Apple is known for taking their sweet time to fix stuff like this.
schmidtbag
This sounds oddly familiar. I swear I've heard about this before many years ago.
The word "similar" is accurate and important to distinguish, because they are not the same. Mac is loosely derived from BSD, while Linux was built from the ground-up having very little shared code. That being said, though Linux pretty much has no chance of having this problem, FreeBSD isn't 0%. Though, I'm confident any BSD variant is fine; this is probably just a downstream Mac problem.
It's kind of like comparing humans to chimpanzees - we share a lot of the same DNA and both are primates, but that's pretty much where the similarities end.
Fender178
Ah I get ya. Very different code between the two OSes. They share some similarities like the login to install a program but thats a Unix thing I think.
schmidtbag
They're similar in the sense that they have the same core functionality, low-level tools, and principles, but they're different because they are developed independently and to my knowledge, very little of their code has ever mixed.
But yeah, in pretty much all Unix-like OSes, you need to be root to have write access to anything that isn't in your home folder, and that includes installing things. For things like flash drives, the system needs to be configured to permit non-root access (but for most systems, that's a default behavior). It's stuff like this why these OSes are inherently more secure than Windows.
heffeque
Just wanted to comment that it has already been fixed.
bigfutus
It's not a bug, it's a feature. Forgot your password? Just log in as root.
rl66
iOS is based on UNIX wich is not exactly a Linux.
Based doesn't mean share everything and iOS forked long ago, when screen where CRT and madona where a young teen, i don't think it is due to the UNIX part 🙂
Also every OS have vulnerabilities, Apple was thinking that they are the exeption until people start to play with their OS... i think this is the main issue for iOS.
Anyway as said previously it is still more secured than Windows 🙂
Kaarme
Apparently Apple issued a statement expressing regret about this flaw. Apple did. Apple admitted it did something wrong. Steve Jobs will crawl up from his grave very soon to reeducate the people leading Apple these days. They have clearly forgotten that Apple never makes mistakes. Mortals of limited intellect merely cannot always understand Apple's intentions.
schmidtbag
I'm not sure if this is sarcastic or not, because though Jobs was the idea person, he also nearly ran Apple into the ground, he struggled to see eye to eye with people, and he was a pretty awful person.
Kaarme
That's what I was trying to say.
