Apple bug: Big huge major massive dangerous devastating dumb stupid embarrassing shameful. Update: patched

When a security hole is discovered in Apple’s vaunted walled garden, headline writers reach for their modifiers.

Bloomberg’s Mark Gurman had the scoop, naturally. I counted 80 me-too stories on Techmeme this morning and made note of the adjectival faves:

  • Major bug 11
  • Huge bug: 7
  • Massive bug: 5
  • Stupid bug: 4
  • Dangerous bug: 2

If you have a Mac running the latest version of High Sierra and fear for its security, there is no shortage of how-to-fix links, including Apple’s workaround.

My take: I’m waiting for Cupertino to release the official patch. My MacBook is never unattended, and I don’t need another password to forget.

UPDATE, a patch and a statement attributable to an Apple spokesperson:

Security is a top priority… yadda yadda yadda…

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. 

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

That was fast.

9 Comments

  1. David Emery said:

    Frankly, this time they’re not far off. The word I’ve used was “appalling,” and the description I’ve seen of it makes me think it’s a result of a combination of sloppy coding and poor software configuration management and quality assurance.

    (The thing about software CM and QA is that you can actually throw money at them and get substantial improvements.)

    1
    November 29, 2017
  2. David Drinkwater said:

    Looks to me like someone created a back door for development purposes, but forgot to close it prior to formal release. That’s analogous to me setting up a dummy password while my laptop is in the shop and forgetting to “fix it back” when the laptop returns home. Sloppy, but human.

    1
    November 29, 2017
  3. George Ewonus said:

    Yes, the sky is falling. I usually do not upgrade my machines until the New Year simply to avoid any untoward issues. Works for me. And yes Apple has released a patch. Apple is not down due to a bug, unless the whole tech market caught it,

    0
    November 29, 2017
  4. Richard Wanderman said:

    There’s definitely something going on with High Sierra, lots of folks are having issues beyond this security oversight.

    I’ve had issues with it since it came out. The entire thing feels half-baked to me compared with Sierra which ran well on both of my Macs since its release. I’ve had a case number with AppleCare for months now and we’ve tried everything (well, a lot of stuff including two clean installs with no migration which were a pain in the rear).

    The sky isn’t falling but High Sierra was not supposed to be a major update to MacOS except for the file system change (which may be the cause of some of the performance issues people are having). It definitely seems like Apple has a QA issue with MacOS.

    0
    November 29, 2017

Leave a Reply