Apple To Review Software Practices After Patching Serious Mac Bug (reuters.com)
Apple said on Wednesday it would review its software development process after scrambling to patch a serious bug it learned of on Tuesday in its macOS operating system for desktop and laptop computers. From a report: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," Apple said in a statement. "Our customers deserve better. We are auditing our development processes to help prevent this from happening again."
Well, other than this one, how many other viruses or gross hacks were there in the past 15 years?
I can remember only 3 or 4 major ones during this time. The rest were on par with the normal security fixes that everyone puts out, mostly getting access to stuff as a user already logged into the system.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
There's all kinds of cosmetic and usability bugs floating around, and Apple doesn't seem to be in a hurry to fix them. They're the kind of bugs that aren't showstoppers but are still very annoying or can result in bad data.
The Calculator bug in iOS is one example of a recent bug that can produce bad data and wasn't fixed until iOS 11.2 (which isn't out yet!), even though it was reported way back in 11.0 beta, before the OS was released to the public.
Another recent issue, though less important, is that the Weather widget will randomly stop updating, so you'll be seeing last night's weather instead of right now. This bug was also reported several versions ago and is as of yet unfixed in the latest 11.2 beta.
I know bugs happen; nobody is perfect. But these are obvious, reproducible bugs that are not being fixed after being reported months prior. What the hell, Apple?
iOS has a "feature" that the OS pops up a request for your Apple ID credentials at random times. Open Pandora and you'll get a popup. Open pretty much anything and the popup appears. There's no provenance to the pop up so you don't know what part of OS is asking for the credentials or why. Backup works without answering the request as you can be signed into iCloud and still get the pop up.
My response is to dismiss the pop up and continue with what I'm doing but it's a PITA. A naive user will enter their credentials in the hope the "feature" is mollified which it sometimes isn't.
The correct way for iOS to ask for the credential is for the popup to say "Open Settings/iCloud (or whatever) and enter your AppleID." Settings would second the request by posting a little icon indicating there's a response pending, à la a text message. An animation within Settings would guide the forgetful user if the path is more than one level deep in Settings so they'd navigate to the proper iOS setting to satisfy the pop up. The point of all that is you know you're talking to Settings when you provide credentials.
The current scheme is ripe for an app to steal your Apple ID. Write an app that does something kind of useful, wait for the 10th, 20th, run and pop an identical pop up that looks just like the OS popup. The user can't tell if it's the app or iOS asking and enters their credentials. Voila, you have access to the user's Apple ID. A little more elided hacking will circumvent 2 factor if it's enabled.
Too much water has gone under the bridge that I guess an obvious attack is new again.
Even OS X has gone from great to "meh". I don't see many companies bothering to write Mac specific games. macOS is the only mainstream OS with no iSCSI capability. Apple is sitting on a ton of cash, they might as well throw a bit to make macOS a generation or two ahead of the pack. A few ideas that Apple can do:
1: Things like hierarchical storage volumes, where when accessing a file, macOS will fetch it, or prompt you to connect the media (external HDD, CD, etc.) so it can access it. That way, you can store documents locally, have them get moved to iCloud, and transparently backed up to Time Machine, as well as a third party cloud provider (Amazon S3, Wasabi, Backblaze, etc.) It handles where the files and their backups are and warns the user if backups are not accessible... the user just accesses them through a volume. Security/encryption can be done at a file/folder level, so files can be easily shared or secured.
2: Better enterprise-tier management, as in being able to be managed via GPOs. Companies would move to Macs en masse if they could be managed as easily as the Windows desktops.
3: Better remote access, perhaps bring Back to my Mac up to par with LogMeIn or TeamViewer, with two-factor authentication, as well as optional authentication to the machine.
4: The ability to virtualize macOS for VDI systems.
5: The XServe back, with a built in hypervisor and license. It would be nice if it were bundled with ESXi, to help with item #4.
Apple has so much cash, it is surprising why they haven't just tossed some man-hours into keeping well ahead of their competition with their products.