Slashdot Mirror


Apple Issues Security Updates for macOS, iOS, tvOS, watchOS, and Safari (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present. With today's update, the patch for the bug -- now known as "IAmRoot" (CVE-2017-13872) -- has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.

30 comments

  1. Wait, what? by DontBeAMoran · · Score: 1

    With today's update, the patch for the bug -- now known as "IAmGroot" (CVE-2017-13872) -- has received a permanent fix.

    --
    #DeleteFacebook
    1. Re:Wait, what? by Anonymous Coward · · Score: 0

      I am groot, I am root, get it?
      Dont be a moran

    2. Re:Wait, what? by DontBeAMoran · · Score: 1

      Damn, I was hoping to get a "Thank you Ted, that was the joke."

      --
      #DeleteFacebook
  2. Dell by Anonymous Coward · · Score: 0

    How come the Dell security updates aren't announced here too? More people use Dell than Apple.

    1. Re: Dell by Anonymous Coward · · Score: 0

      Lul. When Dell makes hardware and the OS, supplies updates, designs, and tests its ecosystem.

    2. Re:Dell by arth1 · · Score: 1

      How come the Dell security updates aren't announced here too? More people use Dell than Apple.

      Have you submitted any story on Dell security updates here?

    3. Re: Dell by Anonymous Coward · · Score: 0

      Dell makes a lot of software in the server space.

    4. Re:Dell by davester666 · · Score: 1

      Dell doesn't patch their bugs. They just sell upgrades.

      --
      Sleep your way to a whiter smile...date a dentist!
    5. Re: Dell by Anonymous Coward · · Score: 0

      Dell makes very little software in the server space that anyone actually uses.

  3. Too late if you activated Apple Pay by WillAffleckUW · · Score: 1

    Think about it.

    They got your credit/debit cards.

    Yup.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Too late if you activated Apple Pay by AHuxley · · Score: 1

      Always use a gift card for software, music, movies. Who would risk having their CC with a computer company long term?

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Too late if you activated Apple Pay by Anonymous Coward · · Score: 1

      >Apple Pay

      Oh, I remember that. That was that thing for idiots who were convinced it was easier to carry around a 6 ounce, $1000 phone than a free 10 gram debit card because "tapping" was somehow infinitely less physically exhausting than "swiping".

      So how's that working out for them?

    3. Re:Too late if you activated Apple Pay by WillAffleckUW · · Score: 1

      >Apple Pay

      Oh, I remember that. That was that thing for idiots who were convinced it was easier to carry around a 6 ounce, $1000 phone than a free 10 gram debit card because "tapping" was somehow infinitely less physically exhausting than "swiping".

      So how's that working out for them?

      Not sure, but they bundled it into the latest iOS 11.2 iPhone update.

      --
      -- Tigger warning: This post may contain tiggers! --
    4. Re:Too late if you activated Apple Pay by Jeremi · · Score: 1

      Oh, I remember that. That was that thing for idiots who were convinced it was easier to carry around a 6 ounce, $1000 phone than a free 10 gram debit card because "tapping" was somehow infinitely less physically exhausting than "swiping".

      It is a bit easier to "tap" using the cell phone that's already in your hand (because of course it is) than to dig out your wallet, then dig the credit card out of the wallet, then swipe, then (sometimes) sign your name on the little slip of paper, then put it all away again.

      But that's not the real advantage of Apple Pay over a credit card -- the real advantage is that it's less vulnerable to replay attacks. With swiping a debit/credit card, anytime you make a purchase, you've given the seller all the information necessary to make more purchases on your account, whenever he/she wants to.

      As for carrying around a 6 ounce, $1000 phone -- you're doing that anyway (except maybe for the $1000 part), so why not take advantage of it?

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    5. Re:Too late if you activated Apple Pay by Anonymous Coward · · Score: 0

      So, using security paranoia - in a situation where you'd have zero liability to begin with - to 1) encourage and exacerbate smartphone addiction, 2) sell more iToys, and 3) get customers to drastically increase their reliance on Apple Inc. for basic everyday functioning. Yep, definitely seems like a fair price to pay to get rid of the extreme inconvenience of carrying around N+1 tiny little plastic cards when you could get by with only N.

    6. Re:Too late if you activated Apple Pay by Anonymous Coward · · Score: 0

      If you're shopping and your cell phone is already in your hand then you have other problems. Incidentally, I just tap my credit card. I set it up on phone too, but it is a fucking hassle and clumsy getting a large device out of your pocket to pay for something as opposed to a tiny lightweight card that has no dependency on battery, applications, etc. etc.

    7. Re:Too late if you activated Apple Pay by tsa · · Score: 1

      Yeah, it's a nice example of obsolete before on the market.

      --
      -- Cheers!

    8. Re:Too late if you activated Apple Pay by Merk42 · · Score: 1

      If you're shopping and your cell phone is already in your hand then you have other problems.

      Most people shop with their phone, on a website (or app).

  4. Still on 10.12.6 by Anonymous Coward · · Score: 0

    And ain't movin' from it. Runs like a dream, just some whining from notifications now and then to update...

    WHY!!!

    1. Re:Still on 10.12.6 by Anonymous Coward · · Score: 1

      Nice they at least give you a choice to update macOS and iOS - even though it nags.

      Unlike all those Android updates from carriers. What a pain those are.

    2. Re:Still on 10.12.6 by AHuxley · · Score: 1

      Wait for the pushed security upgrade from macOS to iOS.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Still on 10.12.6 by Anonymous Coward · · Score: 0

      Good luck playing Russian Roulette with apple updates.

  5. Apple fuck-nuggets broke the boot process AGAIN by Windrip · · Score: 2

    Try to avoid this update if possible.
    The previous High Sierra update failed when trying to start the window manager. I was able to recover by starting in single user mode and immediately exiting, which started the window manager.
    With this update, the Apple fuck-nuggets have broken that work-around.
    I have a MacBook Pro w/ 15" screen for sale.

    1. Re:Apple fuck-nuggets broke the boot process AGAIN by Anonymous Coward · · Score: 0

      Better sell it, so you can save up for the new iMac PRO.

      Only 5k and non-upgradable RAM/CPU. It's THE machine for REAL pros.

    2. Re:Apple fuck-nuggets broke the boot process AGAIN by Anonymous Coward · · Score: 0

      That's your problem "Window" manager :)

    3. Re:Apple fuck-nuggets broke the boot process AGAIN by Anonymous Coward · · Score: 0

      How much mcfcknugget?

    4. Re:Apple fuck-nuggets broke the boot process AGAIN by Windrip · · Score: 1

      I got the bitch back on the air. Reinstalled via ctrl/apple/r (?) which still failed to start the *cough* window *cough* manager, but at least the single-user + exit technique still worked.

      I still think these developers need a taste of the triple lashed whip

  6. Apple releases security updates... by Anonymous Coward · · Score: 0

    for security updates for their security updates!

  7. 10.13.2 has the "username root no password" bug by Anonymous Coward · · Score: 0

    Secure system preferences can be unlocked in macOS 10.13.2 by using username "root" and supplying no password.

    This was a bug that was in 10.13.0 and 10.13.1 that they addressed with an emergency security patch last week. But the new version of macOS released yesterday apparently did not include this fix, because it is now possible to access secured parts of the macOS in this way.

    Apple is quickly becoming a fucking joke.