President Trump bans the use of Venezuelan cryptocurrencies
Apple's next big display innovation could be microscopically small
Sea of Thieves' 'Day One Patch' is a joke
Apple rolls out fix for MacBook's security flaw
04 December 2017, 12:57 | Jodi Jackson
PSA: Upgrading to macOS 10.13.1 will undo Apple's patch for critical root vulnerability
Apple released an update to its latest operating system for Mac computers and said it's changing development practices after a significant security flaw was disclosed Tuesday that allowed people to log in without a password, potentially making private user data vulnerable.
Apple's quick patch for the recently discovered "root" user bug can be undone by upgrading to macOS 10.13.1. Ergin said staff members reported the vulnerability to Apple on November 23, and he disclosed the flaw publicly in a tweet on Tuesday. "I can't think of anything worse that has been shipped by a major operating system in the past decade".
One small bright spot may be that the vulnerability requires local access and appears hard, though not impossible, to exploit remotely. This, in particular, provides access to the login screen in Mac blocked. "If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the "Change the root password" section".
"It's really serious, because everyone said 'hey, Apple made a very fast update to this problem, hooray, '" Innogy software engineer Volker Chartier in a statement to Wired.
In a Medium post today, Ergin today said his Twitter disclosure about the Mac bug was met with "many reactions like a blast". However, the bug is not fixed in that case until the user reboots the computer.
Developers can download the macOS Developer Beta Access Utility from the link below... It was discovered that it was possible to log into the "root" account without entering a password, and - although the company seemed to have been alerted to the issue a couple of weeks back - praise was heaped on Apple for pushing a fix out of the door quickly. "This is really REALLY bad".
Several experts have lambasted Apple for allowing the vulnerability in the first place.
Even if a Mac user reinstalls the security update after updating to macOS High Sierra 10.13.1 - and actually, Apple will automatically install it no matter what - users could still be at risk, according to Thomas Reed, a security researcher at MalwareBytes focused on Apple products. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter.
Lane Kiffin wants 'Bama after FAU's 10th straight win
The program had made two bowls in its brief history (as an FBS team since 2004, and only as a football program at all since 2001). If FAU wins the conference title, Kiffin may start getting more interest from big-name programs with head coaching vacancies.
'Potential for war with N Korea rising every day'
After the missile was tested, Trump tweeted Wednesday that "additional major sanctions will be imposed on North Korea". Still, he said, Pyongyang's actions had made America's alliances with Japan and South Korea "stronger than ever".
Ending the weekend with warm and cloudy conditions
Temperatures fight a battle to rise as colder air funnels in behind the front, with readings fairly steady in the 40s to near 50. A shower or two could linger into early Wednesday morning, with partly to mostly cloudy skies hanging around into the afternoon.