macOS High Sierra bug allows Admin access without password

[pm-r]

Because this bug is so severe, that patching it twice is the only way to be sure?

Or maybe you get one for each of the bugs???

One for the "root login" vulnerability and one to fix the possible "sharing" goof up???

Regardless, one may want to check that it/they did actually get installed properly:
To confirm that your Mac has Security Update 2017-001:

Open the Terminal app, which is in the Utilities folder of your Applications folder.
Type what /usr/libexec/opendirectoryd and press Return.
If Security Update 2017-001 was installed successfully, you will see one of these project version numbers:
opendirectoryd-483.1.5 on macOS High Sierra 10.13
opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
If you require the root user account on your Mac, you will need to re-enable the root user and change the root user's password after this update.

https://support.apple.com/en-ca/HT208315





- Patrick
======

 

[chscag]

It gets better. I installed the update immediately when I saw it yesterday. This morning, I saw the update was posted AGAIN! I now have "Security Update 2007-001" installed twice. Because this bug is so severe, that patching it twice is the only way to be sure?

Same here. However, I suspect they (Apple) screwed up the first patch. Like I stated above, my system acted strange after the first patch and when I rebooted it came up and gave me the "Welcome" routine just as if I installed a new version of macOS. However, the second download of the patch was different in that my system acted normal and did not require a reboot.

Very sneaky of Apple to release a "patch" for the "patch" and call it the same thing! What the heck is going on at Cupertino?

 

[ProTruckDriver]

Very sneaky of Apple to release a "patch" for the "patch" and call it the same thing! What the heck is going on at Cupertino?

Your guess is as good as mine. But heads should roll with this major screw up.

 

[pm-r]

Very sneaky of Apple to release a "patch" for the "patch" and call it the same thing!

Not exactly the first time they have done a similar thing.

What the heck is going on at Cupertino?

Maybe they should open an office north of the 49th for some of their good programmers to escape to, just as Microsoft and some other's have done and the practice is seemingly increasing.




- Patrick
======

 

[Lifeisabeach]

Or maybe you get one for each of the bugs???

One for the "root login" vulnerability and one to fix the possible "sharing" goof up???

That was my thought, but I can’t connect to the shared volume on my iMac even though I can otherwise use “Share Screen” on it from the button in Finder. This started after the “first” update, and the second hasn’t resolved it.

 

[MacInWin]

The two updates were first to fix the root login problem, then the second was to fix the shared volume issue that the first fix created, even though there was a work around for it, too. If both fixes are applied, you will be at 10.13.1 (17B1003) release. I think Apple was pretty quick to sort the issue. Letting it out into the wild was a mistake, for sure, but they reacted quickly once it was known.

And my experience was that both applied just fine, no strange behavior at all.

 

[pm-r]

@Lifeisabeach

but I can’t connect to the shared volume on my iMac

I've been having the same "file sharing" type problems off and on for the last few days between some of our LAN Macs and none are even close to running High Sierra and some can't!!!




- Patrick
======

 

[Lifeisabeach]

The two updates were first to fix the root login problem, then the second was to fix the shared volume issue that the first fix created, even though there was a work around for it, too.

Eh, I still like the idea that they had to "shoot" the bug twice... just to be sure. ;D

 

[pm-r]

Eh, I still like the idea that they had to "shoot" the bug twice... just to be sure. ;D

Or just in case they thought their "fix" wasn't….

- Patrick
======

 

[Lifeisabeach]

Well this saga gets better. If you applied the security update but had yet to apply the update to 10.13.1, guess what happens when you DO apply the 10.13.1 update? The bug RETURNS!

Updating macOS can bring back the nasty “root” security bug

 

[chscag]

Just like real bugs... hard to get rid of em! Even after you spray, they keep coming back. LOL.

 

[dtravis7]

I did not have the issue with the network shares. I logged into the HS iMac with all my macs and even PC's. Maybe I was lucky but put in the 2nd patch just in case.

And funny one chscag!

I have had more bugs BTW as a Windows 10 insider with some of the builds than I have ever had with OSX/Mac OS Beta's. Once for 2 months I had no sound and the laptop was a Toshiba with standard Intel HD Audio! It literally took 2 months to get back my sound!

 

[pm-r]

Well this saga gets better. If you applied the security update but had yet to apply the update to 10.13.1, guess what happens when you DO apply the 10.13.1 update? The bug RETURNS!
… [/URL]

That and some other sites made me wonder what the current software programmer opportunities were at Apple, but I didn't bother searching for any for "Quality Control" but are lots of openings, and I do have to smile at their "home" page":

It’s what we do together
that sets us apart.
We’re perfectionists. Idealists. Inventors. Forever tinkering with products and processes, always on the lookout for better. Whether you work at one of our global offices, offsite, or even at home, a job at Apple will be demanding. But it also rewards bright, original thinking and hard work. And none of us here would have it any other way.

https://www.apple.com/jobs/us/corporate.html

but wow:

600+ jobs found

https://jobs.apple.com/us/search?jobFunction=SFWEG#&t=0&sb=req_open_dt&so=1&j=SFWEG&lo=0*USA&pN=0

That seems like a lot, but I guess there's lots of room now with their new Apple Park offices etc. and they have lots of devices and projects and OSs etc.to support.

PS: what's that expression about mishaps coming in threes????




- Patrick
======

 

[Rod]

I too had heard that the first patch may cause file sharing issues but I think there was a fix published by Apple using Terminal. Found in this article. http://rss.tapatalk.com/aHR0cHM6Ly9...vbmVCbG9n/?p=004d2ec0fcec374c9d6499d9463b2733

 

[MacInWin]

Yes, and Apple also issued a revised update that fixed the sharing. There was some confusion because Apple didn't change the release number, just the build number, for that second update.

 

[MacInWin]

That seems like a lot, but I guess there's lots of room now with their new Apple Park offices etc. and they have lots of devices and projects and OSs etc.to support.

Patrick, they have 123,000 employees, so having 600 openings is pretty amazing! That means that they are 99.995% staffed.

 

[pm-r]

Patrick, they have 123,000 employees, so having 600 openings is pretty amazing! That means that they are 99.995% staffed.

Yes Charlie, but only a fraction of those 123,000 employees are actually involved as engineers or programmers/developers.

And then it takes an outside developer mucking about and checking stuff out to discover a rather big security hole. But that's good that there's a few users like that that end up doing some OS quality control.

What I don't understand is why they seem to change or drop so much code with a newer OS rather than keep or improve the previous software.

Even the number of older printers/scanners etc. come to mind that become useless when the technology and language for sending/receiving the code to work hasn't really changed that much. I do however think that money may have something to do with it. Big understatement there I think!!!




- Patrick
======

 

[MacInWin]

Patrick, either Charlie or I am offended, since you called me him. I suspect it's him that's offended.

As for dropping code, I'm very glad they do that. Otherwise the whole system gets bloated. If all they did was to comment out the old code and leave it there, when compiled it would be kept in as comments, bloating the size of the OS. Windows does that all the time. Apple takes an approach that technology more than 6-7 years old is antiquated and too much trouble to maintain. The problem is, of course, that the hardware they build is so rugged and reliable, that even though it is getting a bit long in the tooth, it's still functioning. So they are caught in a dilemma: Do they abandon models that still work, or do they dumb down new features and functions to work in those old devices, at the expense of not working as well in the new devices due to bloat. Microsoft took the latter approach and the result is a very bloated Windows operating system that has code in every install that gets used in maybe 5% of the systems, but can break 100% of them. And which presents security opportunities for hackers to penetrate the system. Apple uses the former approach of just cutting the cord, figuring that most user can and will upgrade before a system gets to be 7 years old.

Of course the beauty of Apple hardware is that when Apple no longer supports it in the new releases of the OS, it will still be supported for a few years with patches, and after that you can always install Windows on it, or Linux, and keep going as a system for years past that.

 

[pm-r]

Patrick, either Charlie or I am offended, since you called me him. I suspect it's him that's offended.
… … …

Oh my God!!! My apologies to you both!!

My mind was on an earlier post and was confused. Easy thing to happen for me.

Sorry guys.



- Patrick
======

 

[chscag]

LOL, that's what's known as a senior moment Patrick.

And no, I'm not offended.