[–]▶ No.851176>>851193 >>851205 >>851212 >>851225 >>851457 >>852648 [Watch Thread][Show All Posts]
macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password
A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
https://openradar.appspot.com/36350507
>Summary: The AppStore Preferences in System Preferences can be unlocked by a local admin with any bogus password.
>Steps to Reproduce:
>1) Log in as a local admin
>2) Open App Store Prefpane from the System Preferences
>3) Lock the padlock if it is already unlocked
>4) Click the lock to unlock it
>5) Enter any bogus password
>Expected Results: The authorization to fail.
>Actual Results: Authorization succeeds and grants access to change the AppStore preferences.
▶ No.851182>>851185
Is this supposed to be a feature?
▶ No.851185>>851274
>>851182
Who cares? No macos users here.
▶ No.851193
>>851176 (OP)
the login just werks man, it's a feature
▶ No.851205>>851207 >>851236 >>853815
>>851176 (OP)
>Steps to Reproduce:
>1) Log in as a local admin
hmmm
▶ No.851207>>851209
>>851205
How to log in as local admin on MacOS:
1) Click on 'Show Password Hint'
2) Copy hint into password textfield
▶ No.851209
>>851207
Ooops sorry. I meant to say this:
1) Hit Enter with empty password until it works
▶ No.851212>>851231 >>851235
>>851176 (OP)
Apple's back-end technology is usually pretty solid but clearly something is wrong with this release.
I guess that's why they named it High Sierra.
▶ No.851225
>>851176 (OP)
macOS user here, confirmed true
▶ No.851227>>851275
not a big deal, but makes you think about their code quality
▶ No.851231>>851425
>>851212
>shitty research kernel with FreeBSD 4 and old GNU stuff bolted on top
>solid
▶ No.851233
Did anyone really expect that peice of shit to be secure?
▶ No.851235
>>851212
I haven't updated yet because I'm lazy as fuck but it seems i'm dodged a bullet.
▶ No.851236>>851238
>>851205
The problem was that this bug actually creates a local admin user even if one doesn't already exist.
I thought this was reported months ago.
▶ No.851238
>>851236
That was a different bug that could be replicated by a non privileged user
▶ No.851252
I-I cannot control it anymore...
iFAGS BTFO
▶ No.851274
Jesus Christ Apple, this is at least the third dumb security fail you've had with High Sierra.
>>851185
Wrong, I use it.
▶ No.851275>>851297 >>851300
>>851227
It seems they've all but abandoned MacOS, putting all their resources into iOS. Very odd though, considering the amount of cash they have on hand, they could build a very competent team. I should have known it was going downhill when they fired most of the kernel developers though.
▶ No.851297>>851309
>>851275
>they fired most of the kernel developers
when?
any links on this?
▶ No.851300>>851309
>>851275
they'll soon be ARM only
▶ No.851309>>851335
>>851297
Strange, I cannot find a source for you, but I definitely recall them downsizing the team and moving some into iOS. Hubbard is the most high profile one that worked on the OSX kernel but he left in 2013.
>>851300
Especially if that "What's a computer?" ad is anything to go by.
Oh and, obligatory Apple fanboy internet defense response is pic related.
▶ No.851325
I wanted to see what the macfags on reddit were saying about this. Here's one from /r/macos, this is battered-wife syndrome.
▶ No.851335>>851352
>>851309
>he left in 2013
Thats also about the same time OSX really started to go to shit. Mavericks was the start of the real shitshow and its been getting worse since. Now its like they are not even trying. They are slow to release updates and high priority things get botched.
10.4 was the high watermark and coincidentally it was the last release before they came out with iOS.
My bet is they just have a few pajeets limping it along until they switch to ARM.
▶ No.851352>>851363
>>851335
Apple is moving Mac consumers from OS X to iOS. The Mac will die within a few years because Apple is killing it.
▶ No.851354
▶ No.851363>>851403
>>851352
Seems so. I'm already dual booting a linux distro after the disastrous high sierra.
▶ No.851376>>851384
My employer sent out a notice that macfags should upgrade to High Sierra this week because of Meltdown.
This is ridiculous.
▶ No.851384>>851538
>>851376
I'm pretty sure the Meltdown patches are backported to Sierra.
▶ No.851403>>851408
>>851363
>Seems so. I'm already dual booting a linux distro after the disastrous high sierra.
I am stopping at Sierra also. When things start to break from requiring High Sierra I'll move on to TrueOS or FreeBSD.
▶ No.851408>>851411
>>851403
>TrueOS or FreeBSD.
I was very tempted by both of those options, but figured linux would be smoother on a laptop.
▶ No.851411>>851447
>>851408
>FreeBSD
>secure
>cy3
▶ No.851425>>851452
>>851231
>FreeBSD 4
But Apple is one of the top contributors to FreeBSD 12.
▶ No.851447>>851514 >>851540
>>851411
do you know de wey?
▶ No.851452
>>851425
Apple also funded Clang. That let freebsd get rid of gcc.
▶ No.851457
>>851176 (OP)
>Log in as a local admin
This is like saying root can use passwd on any other user or see what is in their /home.
"admin" is superuser on OSX.
▶ No.851514
>>851447
I'm buttfucking your shitty forced meme for luls and trolling violent leftist domestic terrorists.
▶ No.851538>>851654
▶ No.851542
>>851540
> I know de whey
HAHAHAHAJAHAHHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHHAHAHAHAHAHAHHAHSHAHAHAHHAHAHAHAHAHAHAHAHHAHAHAHAHAHHAHAHAHAHAHAHAHHAHAHAHAHAHAHHAHAHAHAHAHHHAHAHAHAHAHAHHAHAHAHAH
LOLOLILILILILILILILILLLLLLLLOLOLOLOLOLOLOL
▶ No.851654>>851672 >>852655
>>851538
>SOURCE? Source??? You got a source????
Do your own research. I also expect they'll patch El Capitan.
▶ No.851672>>851679
>>851654
>make claim
>sperg out when asked for proof
wew
▶ No.851679>>851680
▶ No.851680
>>851679
My mistake, it looks like only Spectre has been addressed for El Cap/Sierra, I would expect Meltdown to be patched for Sierra given the severity, but it does not appear to be patched yet.
▶ No.852648>>852653
>>851176 (OP)
Found another bug which is arguably worse than this
https://apple.stackexchange.com/questions/312294
tl;dr when the screen is locked, a snapshot of the screen (at the moment when it was not locked --- may have some important data obviously) can be trivially seen by anybody who has a fraction of a second of physical access.
▶ No.852653>>852654 >>852671
>>852648
I'm happy to read these news because they mean Apple will be rotten in five years or less
▶ No.852654>>852664
>>852653
But what should I do to make it also appear in the news articles or something?
AFAIK it's a new thing, and while it's not as devastating as the empty root password or password being put into the hint, it's still quite bad
▶ No.852655>>852664 >>852833
>>851654
>Do your own research
>closed source system
…
but whatever, I already made the mistake of upgrading to High Sierra anyway
▶ No.852664>>852670
>>852654
Spread it on the Apple subredit.
>>852655
Sorry for sperging out, I unfortunately had to visit reddit for some information and your post reminded me of how those tards speak.
▶ No.852670>>853512
▶ No.852671>>852674
>>852653
Apple is intentionally ruining the reputation of OSX and Macbook so they can discontinue the whole line and get everybody using iOS.
▶ No.852674>>852682 >>852690
>>852671
iOS cannot do what macOS can. the direct migration path is Ubuntu or fucking Windows.
▶ No.852682
>>852674
For you. For the average normie, the phone is actually more powerful because you can easily take it anwhere for the purpose of taking a selfie.
▶ No.852690>>852694 >>852726 >>852826 >>852855
>>852674
>iOS cannot do what macOS can.
Most normies can get along fine with just an iPad. What do they see as the biggest limitation for general use? Smaller screen and no real keyboard/mouse.
/tech/ can't see it because we all need full blown computers but when you look at the industry the "Desktop" computer in the home is dead. Laptop sales are flat or falling.
Look at what the typical Mac users do. Word possessing, email, video streaming, social media. All shit that could be done on iOS with a tweaked UI on top of it.
▶ No.852694
>>852690
>Word possessing
spooky tbh
▶ No.852726
>>852690
>normies
>reddit spacing
▶ No.852826>>853762
>>852690
maybe, normies can.
but if apple wanted to ditch macos, they could simply kill it and be done, why not?.
also, I've heard that ios 11 is also a piece of shit, I cannot confirm because I never used or will use it, but that's what the web is mumbling.
▶ No.852833>>852840
>>852655
>made the mistake of upgrading to High Sierra anyway
Have you noticed that PDFs render atrociously on HS? On my machine (and it seems many others) the fonts are very blurry. The reason for it is apparently because they ported the iOS pdf renderer to the MacOS and the result is pure crap. If they're not able to fix it by 10.3.3 I'll probably wipe the OS off.
▶ No.852840>>852844
>>852833
Looks OK but I am using RETINA™ DISPLAY™ so maybe it's not representative.
Are you testing with PDF file which has real text (as text) or a scanned image?
Anyway, the Preview is shit for image viewing and it always was. It fucking can't open several images to show them in order, it randomly breaks the order and/or opens in more than 1 window, arbitrarily choosing which image goes to which window. This is beyond unreasonable.
You also ave the choice of using a browser, nowadays most of them have embedded pdf.js which usually can handle PDFs without problems.
▶ No.852844>>852847
>>852840
Yeah Retina display, and real fonts. The other popular PDF viewers all seem to use Apple's PDFKit, so display the same problems. I refuse to install Adobe software so Acrobat crapware is out of the question. Browser rendering is actually what I resorted to, but it's a pathetic work around.
▶ No.852847
>>852844
Also, it's not just PDF issues. Apart from the lackadaisical approach to security, even things like Spotlight occasionally crash, and I've encountered a few issues where the machine does not wake from sleep. All of these issues seem to be fairly common in high sierra.
▶ No.852855>>852975
>>852690
You either have the full power of a computer available to you or you have a glorified tv. Users can't get better if the whole system is locked down.
▶ No.852870>>852873 >>852923
Wasnt there also a thing where you could unlock accounts by typing 'password' into the password field?
What the fuck apple, get your shit together.
▶ No.852873>>852923
>>852870
Not even password, just typing anything worked. There was also the incident where it saved your full password as the password hint. It's like Apple put all the lowest IQ diversity hires into MacOS development. It's a shame, because I happen to like the OS (when it works), but they seem intent on ruining it.
▶ No.852923
>>852870
>>852873
>Wasn't there also a thing where you could unlock accounts by typing 'nigger' into the password field?
▶ No.852975>>852992
>>852855
Apple wants a closed system like iOS. If mac users run stuff that they got outside of the App Store then Apple sees that as a fault.
It is clear Apple doesn't give a shit about OSX and did a damn good job getting rid of the powermac users and old UNIX guys. They don't want power users they want consumers.
Replacing native OSX applications with ones ported from iOS is just the beginning.
▶ No.852992>>852995
>>852975
I still struggle to believe how a company with the resources of Apple can put out something as retarded as the cylinder Mac Pro, emoji bar Macbook Pro or let models line languish for half a decade without updates. They might not have always been price or performance competitive depending on the chips at the time but at least it felt like they fucking tried back then.
▶ No.852995>>853180 >>853428
>>852992
Steve Jobs was the only thing holding them together. After he died it all went south as the company started being led by Pajeets.
▶ No.853180>>853413
>>852995
Ya Jobs would never let Mac get to what it is today. Compared to the iPhone/iPad it's weak on profits but that never stopped him from sinking money and engineering in.
▶ No.853413
>>853180
out of curiosity I checked their site, the trashcan hasn't been updated since release.
no worries though, the imac pro with it's starting price of only $4,999* will surely sell.
* configures up to $13,427. mfw
▶ No.853428>>853461
>>852995
To be fair, the Powermac Cube was Jobs' baby and that was a retarded idea too. At least he wasn't stupid enough to replace the regular model with it though.
▶ No.853461>>853506 >>853532
>>853428
The cube didn't really catch on but the Mini did. Apple has sold tons of them but they are letting it die now. No update since 2014.
▶ No.853506
>>853461
The Mini is the last good computer they have left. WTF
▶ No.853512
>>852670
Holy shit, the top response you got (upvoted 174 times)
> Honestly I can’t remember a macOS release that didn’t do that. So, it’s not a High Sierra regression.
There's nothing wrong with this because it has been broken for a long time!!!! This is why even people who like Macs hate the Apple fanboy.
▶ No.853532>>853619
>>853461
The mini is just low end specs in a small package and was their cheapest model. So of course it sold. Comparing it with the Cube is silly.
▶ No.853619
>>853532
The Mini was what Apple customers actually want. The Cube is what Jobs thought they wanted. The MacBook Air is what Apple thinks their customers deserve.
▶ No.853762
>>852826
>, I've heard that ios 11 is also a piece of shit,
Apparently so. They had some sort of bug last month where any notification would cause the system to crash if the date was December 2nd.
https://www.imore.com/iphone-crashing-dec-2-heres-fix
There goes my theory that MacOS sucks because of concentrated iOS development. Just what the fuck are they doing in that spaceship? I don't want to know.
▶ No.853798
Letting the hard to engineer macs rot for years and doing the absolute bare minimum with OS X is really starting to advance that switch to ARM rumor.
▶ No.853815>>853819
>>851205
Everyone makes themselves admins when they turn their computers on for the first time.
▶ No.853819
>>853815
>functional illiteracy
cool