Hacker News new | comments | show | ask | jobs | submit login
macOS High Sierra: Anyone can login as “root” with empty password (twitter.com)
3001 points by vladikoff 9 months ago | hide | past | web | favorite | 1055 comments



Just in case it is relevant for anyone here this is what our security team have established thus far:

- Can be mitigated by enabling the root user with a strong password

- Can be detected with `osquery` using `SELECT * FROM plist WHERE path = "/private/var/db/dslocal/nodes/Default/users/root.plist" AND key = "passwd" AND length(value) > 1;";`

- You can see what time the root account was enabled using `SELECT * FROM plist WHERE path = "/private/var/db/dslocal/nodes/Default/users/root.plist" WHERE key = "accountPolicyData";` then base 64 decoding that into a file and then running `plutil -convert xml1` and looking at the `passwordLastSetTime` field.

Note: osquery needs to be running with `sudo` but if you have it deployed across a fleet of macs as a daemon then it will be running with `sudo` anyway.


osquery is not a built-in tool. You can get the same info with plutil(1):

  $ sudo plutil -p /private/var/db/dslocal/nodes/Default/users/root.plist
If I understand OP correctly, if passwd is a lone asterisk, then you haven't been exploited.

Edit: trying a little harder to dump accountPolicyData:

  $ sudo defaults read /private/var/db/dslocal/nodes/Default/users/root.plist accountPolicyData | grep -oE '[[:xdigit:]]+' | xxd -r -p


>if passwd is a lone asterisk, then you haven't been exploited.

At the risk of sounding a bit pedantic you can't really assume that, it's possible that somebody used this vulnerability, installed some sort of backdoor and then disabled the account to hide their tracks.


That's correct.


Bad news: I tried the exploit in my macOS Sierra installation and it didn't seem to work. However, the passwd entry on the output of your first command IS A LONE ASTERISK.

However I still can't login as root. This leads me to believe this behavior has always been there, and maybe the login methods just didn't allow an empty password.


This is very normal in 'nix' systems. '' indicates a locked account. (I've given up figuring out how to escape an asterisk)

ex:

  daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
  operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
  bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
  tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
If the OS is letting you in with a '*'in the encrypted password field, something is very very wrong.


I'm confused, why do you have to escape an asterisk?


He's stuck inside


Markdown in HN comments.


Famous last words of a Roman centurion.


Nah, I've never seen them do worse than knock people out. Probably the next thing the centurion said was "Ow, what hit me!".


wildcard.


Only High Sierra is affected.


`sudo dscl . -read Users/root accountPolicyData`


When you do this you'll get the creationTime and passwordLastSetTime as seconds since the 'epoch' – January 1, 1970, 00:00:00 (UTC). These are numbers like 1474441704.265237 which aren't very easy for a human to read :-)

To convert this into a human-readable date and time, open a terminal and do this:

  python

  >>> import time

  >>> time.strftime("%a, %d %b %Y %H:%M:%S", time.localtime(1474441704.265237))
You'll get something like 'Wed, 21 Sep 2016 07:08:24'

(I'm sure you can do this in other languages than python...)


If you're already in the terminal you could instead enter

  date -r 1474441704


This is a much better answer!


One of my Macs is showing a root password change date of Nov 10th 2017. I can't explain that, so I'm reinstalling now. It did have sshd enabled and remotely accessible, though I thought root login was prohibited.

If I understood correctly, this particular bug was only exploitable from the GUI and this machine hasn't been away from home, so it's likely this isn't related, but posting here, in case it's part of a bigger picture.


OK, I guess when doing OP's root trick, the root user gets activated/created, and that's that's when the PW gets set to empty. I guess that's where my passwordLastSetTime comes from.


This works remotely as well (although not through SSH, obviously).


possibly the same timestamp here: 1510300538.767916 'Fri, 10 Nov 2017 04:55:38'


Oh wow. Is there any other explanation for this other than this having been exploited in the wild for almost three weeks? Or maybe someone just tried to log in over SSH to exploit some other weakness (something like predictable SSH passwords on jailbroken iOS devices), and happened to create the root user on your machine?

Did you also have sshd running, and do you know what kind of network you were using at the time?


My root pw passwordLastSetTime says this morning.. the fuck??


Wait, isn't the point of having root you can erase your traces? Are these logs immutable, even to root? That sounds pretty next level.. and how do I trust the tools?

As far as I know, possibility of root = root = pwn, game over, time to format.


System Integrity Protection (SIP)[1] does prevent even the root user from modifying some system files[2]. It seems possible, at least in principle, to protect system logs from modification by user root. In practice, I think most system logs are stored in /var, and that part of the directory tree does not appear to be protected by SIP (but I hope I'm wrong!)

[1] https://support.apple.com/en-us/HT204899

[2] Unless/until you reboot to a diagnostic monitor on a special partition (which requires pressing command-R from a local keyboard during the POST), then run a command to disable SIP, and then reboot again. Continuity Activation Tool requires users to perform this step as part of the install process to allow installation of Bluetooth drivers not originally signed by Apple.


A motivated and knowledgeable adversary could most likely load a custom kext to bypass the integrity measures. Am I right?


You can't load unsigned kexts anymore, due to that same SIP. It's a pain in the gonads when hacking your own kexts. I had forgotten about this, but it does indeed allow for a system that leaves an audit trail which cannot be hidden, even by root.

However, user labcomputer is right, I doubt that applies to the solutions proposed by OP here. Well, I'm certain: root can switch out the shell or terminal emulator binary itself and have it lie about executing those commands and return something trustworthy. One way or another, to truly check this, you'd need an immutable audit log (probably not currently available), AND a reboot into safe mode or a mount as a HDD onto a safe system.


> Can be mitigated by enabling the root user with a strong password

Instructions from Apple: https://support.apple.com/en-us/HT204012


And if you're thinking that manually disabling root might also fix this, it won't. You have to leave root enabled.


Security update now available: https://support.apple.com/en-us/HT208315


You can also get the password last set time with:

    sudo dscl . -readpl "/Users/dan.koepke" accountPolicyData passwordLastSetTime


ok dan...


apple have a security update out now: https://support.apple.com/en-au/HT208315


Excellent! Thanks for sharing


I see a lot of comments here wondering why Apple seems to not care about software quality anymore. I don’t know if that’s true, but there’s a perfectly obvious answer: They don’t have to.

Software quality in macOS was important back when they were trying to get people to switch from Windows-based PCs to Macs. Nowadays, most people who were going to switch have already switched, so Apple has no incentive to keep up the same level of software quality anymore. They just have to keep people locked into their ecosystem (with iPhone etc.) enough that the barrier to switch out again is high enough.

There is no reason for Apple to improve macOS, since doing so won’t make anyone switch to Macs who hasn’t already switched, and not improving macOS won’t make anyone upset enough to switch back. Ergo, Apple leaves macOS to stagnate, and they will keep macOS at this bad-but-not-horrible-enough-to-switch level for the foreseeable future.

That’s my theory, anyway.


These days, where is the lock-in?

The core applications that I use (Firefox, Docker, VSCode, vim, ...) all work just as well on Linux, MacOS and Windows.

I have a Mac, because it's (at least previously) been pretty secure by default, doesn't require me to invest a lot of time sysadmining my own box, and lets me dip into a healthy ecosystem of commercial software useful to my hobbies (like photography.)

The software has definitely declined in quality, but not enough to massively annoy me.

If there is lock-in, it's on the hardware side. I've got an early 2013 MBP, still going strong, a bit dented but it's been around the world with me a few times, so that's understandable.

My workplace uses Dell XPS hardware, and that's good, but it still doesn't feel as solid to me. It's good, but it's not as good.

I think the hardware is the laurel Apple has really been resting on.

I could meet my main use cases on Linux quite happily, and dual-boot Windows for the rest. Right now the premium on Mac hardware, which only happily runs an increasingly decrepit operating system, isn't looking worth it. Previously, it was.


It's a mental lock in now a days.

Most people don't realize but the vast majority of Video Editing was Windows based till about 2010 when Final Cut was considered best in class (I can't stand Final Cut myself but to each their own...) The vast majority of video editing is now Premier due to Apple's handling of Final Cut Pro and the lack of support for the Mac Pro (They usually sit in back rooms as expensive file servers) Also most people mentally think that somehow Apple is better for design but the software runs just as well on Windows.

The iPhone and the money spent on software is what is keeping people these days. But whenever I talk with my friends they are certainly not thrilled and zealots of Macs anymore. The vast majority of my video editing friends are getting really frustrated with what they call the ceiling. Do you really want to be editing full time on a lap top? The Mac Pro isn't a real solution for full time editors.


It's also display quality. If you're doing design work you can use a MacBook pro and be pretty sure that the color is accurate with no calibration. If you switch platforms you have to sort out the enterprise and gaming displays, which have totally different selling points (price and responsiveness, respectively). Getting a good display and accurate color on a Windows machine requires a lot more knowledge and effort. This is definitely less true since Apple abandoned their display line (one more bit of evidence that Apple doesn't care about the professionals that established their brand anymore).


Those Apple mirrors (err, thunderbolt displays) were definitely not close to color accurate. The macbooks are okay I guess?

When I worked at a major printing company, they were not using Macs because people would THINK they were color accurate when they were very much not, and we had a bunch of calibrated Dell monitors around specifically for that purpose.

So definitely more of an urban legend than anything. Apple displays are reasonable, they're decent IPS panels, but they're middle of the road if anything.


I own my own calibrator. I calibrate every monitor I use for Video. I have never seen a accurate monitor in the wild yet. The funny thing is I can get a horrible cheap monitor to be calibrated in a dark room and it is better than anything not calibrated.

People need to buy calibrators. I use the open source ColorHug it runs on Linux so I actually use a live cd and do the calibration. http://www.hughski.com/


My partner does photography and has a Datacolor Spyder 4, which I of course borrow to calibrate all my monitors. At work I have a 30" IPS and next to it vertically an old 24" tn-film. After calibration, they are very close color-wise and they both are very enjoyable for reading code. The tn panel has worse viewing angles and about ~80% of sRGB, but after calibration it is absolutely much nicer even for development.

I calibrate my monitors with DisplayCAL[0] on Linux.

There should be one calibrator in every office, the difference it makes is enormous.

[0] https://displaycal.net/


I'm not sure I agree with this. Or at least it goes too far to say that it's a mental lock in.

Yeah Apple is making some very bad mistakes in their software quality, but there are two things that are very essential to the Mac experience that still make it the most straightforward choice.

One key advantage Macs have over Windows is that they run Unix. You can open a terminal and be involved with most of the Linux/Unix monoculture that exists and have access to much the same tools. No VMs and all the hassle they bring to take into account, mostly at least.

One key advantage Macs have over Linuxes is the availability of good quality graphical software. If you like a GUI for Git, the best are available on Mac. It has OmniGraffle, which many regard as amongst the best diagramming software out there. It runs a very decent version of Microsoft Office. Many would argue that - especially for developers - the software ecosystem for Macs is even superior to Windows. And add on top of that is that this also runs on a still mostly flawless out-of-the-box experience.

Sure, I bet most people could switch to Linux or Windows if they wanted to go through some effort. But it's more than a mental lock-in, you give too little credit to the Mac ecosystem. It might not be the obvious best place to be anymore, but it's still great value. As was pointed out before, this seems to be something that Apple is okay with.

I really hope Apple feels this security incident steps up their game - they deserve all the hate they get for this. But the Mac value proposition will barely change for most people, as sad as that may be.

Please note as disclaimer that although I do use Macs sometimes, I spend most of my time on Windows and Linux systems.


> One key advantage Macs have over Windows is that they run Unix. You can open a terminal and be involved with most of the Linux/Unix monoculture that exists and have access to much the same tools. No VMs and all the hassle they bring to take into account, mostly at least.

Thankfully we are getting there with "Windows Subsystem for Linux." I am using the OpenSUSE subsystem which you can install in the Windows 10 store. It isn't perfect but it sure is getting closer.


> Thankfully we are getting there with "Windows Subsystem for Linux."

But then you have to run Windows. I still prefer MacOS by a large margin. I would move to Linux, but I want Photoshop and more of that without having to start a Windows VM.


Windows 10 and Windows 8 have really moved the OS forward in my opinion.


> Also most people mentally think that somehow Apple is better for design but the software runs just as well on Windows.

Back in the PowerPC days, a large part of every keynote was getting Phil on to press the spacebar so we could all see how much slower Photoshop was at making the poster for Inspector Gadget. Can't help but feel like this was where a lot of people cut their teeth on this opinion. While Mac OS 9 and its users (niners) are a tiny minority now, I suspect a lot of those shops moved to Mac OS X.


> PowerPC days

But that was all a lie about the speed of Macs. It was absolutely smoke and mirrors. Intel CPU blew the doors off the Power PC. Case in point, Apple switched from Power PC to Intel and saw a huge speed increase. The "Cult of Mac" was 100% anti-Intel and people would tell me that the G5 Power PC was the fastest personal computer you could buy. All lies and dishonesty. Apple for years caused huge animosity of "Apple Fanboys" vs Intel.


While you don't believe you are locked in, I don't believe that you as a programmer "power user" are the majority that Apple cares about.

I believe not only that for the majority of users there is a level of software lock-in, but further there is a high level of psychological lock-in, where users get used to and comfortable with Apple's design strength, which is Apple's main offering.

As people get more comfortable and more older it is easy to say that people get more resistant to change.


>These days, where is the lock-in?

Photos, apps purchased, and iMessage are overwhelmingly the reasons I don't see people switch. All their kids photos, etc, are stored away and they'd have to figure out how to nicely export them. iMessage is seemless for them across devices while an alternative like Hangouts doesn't have the market penetration—it isn't ubiquitously used even among just Android users. Apps purchased I added to the list because often people don't think about it, but if you mention "re-buying all your apps" you see the frown appear on their face.


Without directly disagreeing with your post, I think there is a slight OS lock-in, in the fact that the MS alternative is a horrible piece of burning wreckage. Anybody that had to put up with the autoupdate experience in Windows 10 (oh, you were doing something important? Never mind, I'll just hog your network in random intervals for like an hour without you having a way to stop me and then I'll take 2 hours to apply the patches before the reboot), can understand that Apple was playing without serious competition for some years now.


There are many lock-ins, first there is iMessage, second there are some apps that still work only on Mac OS X I don't remember the name of the software but I once was sent a design file and was only able to open it on a Mac OS X software (there was a windows alternative but it didn't allow me to edit the file as needed). Another example is XCode, you need a Mac to properly create iPhone apps. For programming, there are also issues with symbolic links on Windows.

I personally prefer Windows, but as a software developer I had to buy a Mac, I grew tired of having to always power-on a Mac OS X virtual machine. My job is so much easier now then it was on windows.


iMessages is the lock-in. It is the primary reason why I switched to the iPhone.

I have the macbook pro, iphone, watch, airpods, and they all work pretty great together. It's a cohesive experience that is going to be really hard for me to break out of it.


iMessage is a huge lock-in for non-technical users. They are just obsessed with it on iOS. You can find tons of forum posts with people throwing fits that XYZ Android phone doesn't have iMessage.


This might me valid for the US. Anecdotally, where I live (Switzerland/central Europe) almost nobody uses iMessage, and WhatsApp is the big dominator.


I used WhatsApp, Telegram, Messenger and Skype on my phone in the past two hours. Obviously no iMessage because I'm on Android. Maybe my friends with an iPhone use only iMessage between them (I doubt it) but the network effect is all for WhatsApp and Messenger where I live (Italy). Probably nobody switches to Apple because of iMessage here, but it could be a lock in if you really use it.


I honestly don't think most iPhone owners in Europe even understand that iMessage is not SMS.


I'm not sure the correlation is technical proficiency by itself, I think it's based upon a critical mass of your social circles using iMessage or not using iMessage. If you choose to, you can probably make a correlation between "technical savviness" and a user's choice between Android and Apple, but I don't think that is a deciding factor in who uses iMessage.

The reason people throw fits is because the experience between a group messaging together on iMessage is exceptional - this experience breaks down when even one of your friends in the chat doesn't have an Apple product. They aren't able to send or receive the majority of the "chat add ons" iMessage provides. I'm sure making the bubbles green vs. blue only helps to stoke the "us vs. them" fire.

I consider myself to be a reasonably technical user and still prefer to message with iMessage since I know the experience will be the same for everyone I'm chatting with. Yes, we _could_ all start using WhatsApp et al, but if 8/9 of our group message is on iMessage, why would we?


There are a few "quality of life" tools on OSX that I use, like Alfred that I haven't seen a Linux equivalent.

But you're right, I could probably switch to Linux and be fairly happy.


As for Alfred replacement... How about [Albert](https://github.com/albertlauncher/albert)?


Mac is also easier to use for non technical users. I bought my mom a Mac and she can plays with the "system preferences." Good luck showing her Control Panel on windows.


The Apple Store is a huge deal for non-technical users as well.

Apple's sales per square foot in their stores is really high. Having some place to take your computer to when you need help is extremely valuable for a lot of people. Why don't Samsung, Dell, Lenovo, and HP all have their own stores in every neighborhood that has an Apple store? Is the Apple store only successful because of the iPhone?


The lock-in is Messages, at least for a lot of people.


I'd wager the number of people using Messages on macOS is really not that high. Most people are content to message using their phone.

iMessage absolutely is a lock-in for iOS, though.


Why's iMessage a lock-in? I have an iPhone but I wasn't aware I'd lose anything (significant) by switching to Android (or whatever).


The biggest thing I lost in a similar switch was ANY old conversation with somebody who was an iMessage user. Where they reply to a conversation and think they are just texting you, but actually they are sending iMessages that you just aren’t receiving. Especially on, for example, family group texts, people just find the old conversation and continue it from the previous year or whatever. Lots of times when I was on windows phone or had iMessage switched off, I’d only get the parts of the conversation coming from non-iMessage users. A good example is random family members who use android texting me reactions to an original text or picture I didn’t get. It’s really dumb. Maybe there’s something I could have done about it in my own settings, but instead I ended up switching back to iPhone recently. Not just for that reason but it sure was nice to get messages properly again. But also more sensitive stuff like somebody sharing pictures of items related to planning a funeral.


It's not well publicised but, if you know anyone who's moved away from iOS they can remove their phone number from iMessage here;

https://selfsolve.apple.com/deregister-imessage/


Thanks, that is really interesting. I hadn’t read that page, but I had disabled iMessage from the phone settings, which is how I first noticed the issue. Maybe I was not thorough enough, (it says to disable FaceTime too, which I didn’t/don’t want to disable) because it never corrected itself.


I have also heard that if you complain and drill down enough in the support funnel on this issue that eventually the best answer will be "change your phone number". Now that's what you call lock in.


For photography on Linux you gotta check out Darktable. It's actually very very good as a Lightroom replacement for RAW workflow.


I second this. The only feature that I can immediately think of that locks me in the mac eco-system is the convenience of airdropping files with my wife. Apart from this, with most of my stuff on the cloud, there won't even be a migration process if I decide to switch to Windows.


I have a lot of software I bought on the App Stores for Mac and iOS, hundreds, maybe even over a thousand dollars' worth. If I switch platforms, I can't use that software any more.


The lock in is definitely less, but for me:

- Large iPhoto library - Easy syncing with multiple iPhones (notes, photos etc) - Xcode for iOS development


While your theory is interesting, if deeply cynical, the thing I find most interesting is that it's the top comment on an 800+ comment discussion when it was less than a minute old. Do new comments start at the top? I've never noticed that before.

Edit: By the way, regarding the vulnerability, ANY password you use when you first attempt to login as root BECOMES root's new password. (Blank is a red herring.)

So if you're going to test this, maybe use something non-obvious. In a terminal, setting a strong password for root with "sudo passwd" is the quickest mitigation.

Ill-advised, but in a pinch, you can apparently 'secure' a machine you don't otherwise have access to by attempting to log in as root with a long random password you fail to remember. An admin on that machine can later change root's password with a "sudo passwd".

Also, it appears the "dseneableroot -d" command suggested elsewhere here fails in preventing root login.


The higher the poster's karma, the higher her comment will be upon posting. This user has almost 6k karma, so it can rise high. Once the comment is at the top for a minute or so, it can stay there if enough people keep upvoting it.

Try it and post a top level comment now. I'm pretty sure it won't be at the top initially because you don't have enough karma for that.


I have also seen new comments spring to the top of the conversation, but always assumed they were selected randomly, as some of them were from posters who were fairly new or had a low karma count.


I guess this happens if the other posters are of low karma, or if the other comments are quite old.


Ah thanks, now it makes sense. I always wondered why sometimes my comments went straight to the top. I've lost too much productivity here, clearly! ;)


Yeah I only know because I‘ve watched my posts gain better positions when I hit 1k karma (iirc).


I think new comments do get a slight boost initially. But I also think people are venting their frustrations at the very noticeable decline in software quality from Apple over the last 3 years.


Yes new comments get a bit of time near the top. The amount of time varies based on the amount and quality of other comments.


I really hope that's not true and this is just some extended blip.

That said, between this, the disk encryption bug, not being able to type "I" on an iphone you have to wonder what is going on. I recently upgrade my MacBook Pro to High Sierra and it's been plagued with problems (Weird red flash when displaying menus, hangs/crashes with external monitors etc.)

Then I look at switching away, and I lose all the OSX software I own, all the easy iOS integration, all those Pages documents etc.

Maybe I just need to build a cheap but upgradable Linux box and start trying to switch.


I've been actively investigating that for over a year:

https://taoofmac.com/space/blog/2016/10/29/2240

I have to use Windows for work, though (I'm at a Microsoft subsidiary, and all we get are Windows machines), and I can live OK inside WSL.


Maybe. But this particular bug happened precisely because Apple has changed _something_ in macOS. Also this something was probably quite profound since it has impacted a part of software that, at least from the outside, haven't changed much since a long time.

A lot of macOS users would actually prefer Apple to do less with it than what they are currently doing.


> this particular bug happened precisely because Apple has changed _something_ in macOS

I don't know much about this bug but I have seen several reports that the bug has actually existed quite some time and is not new, only the publicity surrounding it is now shining a bright light on it.


I thought it was confirmed that it is new to High Sierra, it was indeed lingering on forums as a "administrator hint" though.


I think you are right, but it's still been in the wild for several months, despite that Apple just realized a comment claiming they discovered the problem yesterday.


I kind of love how you frame it as "everyone who has switched has switched" as if the job is done. As if there would be no market to capture. Which isn't true. And doesn't even consider the reality that there are young computer buyers who they need to capture because existing users don't buy new machines or won't last in the long run (people die).


There is always more market to capture, but the cost of capturing those few additional users might not be worth it (to Apple, currently). And new users don’t look to the quality of the OS to pick their platforms, they look to existing user bases. And Apple now has a sizable existing user base, especially if you also count iPhones.


I was going to comment the same thing. Most people are always open to switching if the evidence is there to support a better workflow or experience. The realm of endless marketing to all the demographics will never stop.


> not improving macOS won’t make anyone upset enough to switch back

I’m not so sure about this — although it may be due more to the hardware side of their business: after the recent, disappointing iteration of their MacBook Pros I’ve heard a lot of people considering to switch (and actually switching).

Taken together with software quality issues, I wouldn’t be surprised if at least a subgroup of users are leaving Apple gradually. That subgroup being professional users, of course: Apple is still unassailed as a status symbol, and casual (+ mobile) users seem more than happy.


Nobody cares about what developers like in their computers, developers will go wherever the users are. And Apple now has a sizable chunk of computer users and an even larger chunk of smartphone users.


There's a big difference between a developer grudgingly keeping a cheap headless mini-computer under a stack of papers somewhere that gets used only as needed, and a developer using your system as their "home base" and buying into your entire ecosystem.


That’s not a big difference for Apple. They’ve got their user base now, they don’t need developers to spread the word anymore.


This only holds true if you consider lock-in IMO, e.g. you need a mac to develop iOS or mac apps, or you need a windows machine to develop windows apps.

Otherwise I don't care which browser you are using to look at my pages, or which Desktop to run my qt app.

There was a massive influx of developers switchting to mac laptops before it was popular with a majority of users (around 2008).


I think it's more that desktop machines make them a fraction of the money that their iOS devices do. Development goes towards the profit centre.

Remember that back when Apple made only computers, right before the iPod, they were on the verge of bankruptcy and barely profitable.

Since then their laptops have taken off, of course, and I have no idea how much money they make off them. But compared to the huge torrent of cash Apple makes off iPhones I can't imagine the beancounters see a huge amount of value in investing heavily in the parts of OS X that aren't shared with iOS.


Whether or not most potential apple users have already switched, security is surely vital to keeping their customers with them.

Much like the importance of feeling safe in our own house, if the computer that houses our information suddenly makes us feel unsafe or exposed, we'll naturally seek other options unless the issue is, shall I say, swiftly fixed or easily fixable.


Not to excuse the bug, but I think it has more to do with the annual upgrade cycle for the iPhone. Everything else Apple does has to tie into this, which is a pretty tight cycle for an OS with new "regular" OS features, plus the integrations with iOS.

They can't afford to wait 2 years (or whatever) to update the phones, and Mac OS gets pulled along for the ride.


Their QA department has been in a downward spiral since 2014. I would love to name some people who were doing a fantastic job running the place until then, but I'll spare the embarrassment. This really isn't about some mega company not caring as much as one of their cornerstone departments being unable to function effectively.


I really don't think that to be the case. Quality on OS X was a priority in its own right and fundamental to everything at Apple, not just a by-product of a strategy to get people to move from Windows.

Of course all that changed when its only priority became to shift more iPhones, and everything became secondary to that.


Surely they havent used up the pool of people that might/want switch to macOS. How can anyone make even such statement?


Some years ago, I was hearing about people switching from PCs to Macs all the time. Later, not so much, but macOS was still getting praise. Maybe Apple looked at the conversion numbers at that time and decided that the cost of keeping up the quality of macOS wasn’t worth the few PC converts they were still getting, and they figured that not enough people would switch back to PCs since the iOS system lock-in effects, etc. would present enough of a barrier.

So it’s not that there aren’t still people who could conceivably switch to Macs, it’s that Apple decided they didn’t need more converts quite as badly anymore.

Still, only my theory of course.


This goes against basically every corporate strategy ever, which is to always increase growth.

At this state in the company's life there is a disconnect between those who make the software and those who make the business decisions.

I don't think it's likely that Apple's board just decided to give up attracting new customers, and any apparent decline in quality is likely attributed to bad management; ineptitude, rather than purpose.

Occam's Razor supports this hypothesis.


Old school corps - DEC, HP, even IBM to an extent - weren't about increasing growth irrespective of consequences.

The DEC Employee Handbook made a big deal out of Doing the Right Thing. Obviously that was subjective, frequently debatable, and sometimes just a pain in the ass - but it was a guiding principle for engineers of that generation, and for engineers who became managers.

And it produced some outstanding engineering and innovation.

Because it actually means "Do the best work you can, for your own self-respect, and also because you respect your users."

That's light years away from "Screw as much money out of your customers as you can, as many overtime hours out of your developers as you can, and if the product is broken - who cares if the money keeps coming in?"


You're right. I was being a bit hyperbolic.


Increase growth, yes, but not at any cost. My point is that Apple may have decided that at this time they don’t need the growth as much as they need internal developers to work on other things than macOS.


I do see people switching to Linux for this reason, Apple the new MS, Ubuntu the new Apple?


While I think there's a chance you might be right, I don't think it's logical in the long run. I think changes in perception like this are accumulated over time and will in the end hurt the product.

For some examples, look at the impression of Microsoft and Windows when it comes to quality. It is only now starting to improve, with gigantic efforts from Microsofts side. Another example is Linux and usability, which have constantly gotten better (maybe still not good enough, but that's better left for another thread) but still many see Linux as "advanced" and only for power users. These are not perfect examples, of course.

What I mean is that I think it's bad strategy on Apple's part (if they're doing this deliberately), especially considering the resources they have at their hands. I wouldn't be surprised if Apple could increase it's desktop market share further by positioning themselves as high quality. However, it's a reputation they are losing fast.


>It is only now starting to improve, with gigantic efforts from Microsofts side.

Is it? They axed their internal QA and definitely aren't catching all the bugs with the "Insiders Program."

After the Fall Creator's Update I've had to log in twice (after the first one I just get sent back to the login screen).

The workaround is disabling a setting: "Use my sign-in info to automatically finish setting up my device after an update or restart."

I'm also getting repeated alerts that a restart is required to complete installing an audio driver, but restarting doesn't finish it. I probably need to track down the responsible driver, uninstall it, and reinstall manually or hope Windows does it.

Obviously that's not as serious an issue as unauthenticated root access, but in day-to-day use of my Windows computer I don't have a very positive impression of their software quality.


Maybe not quality wise in all areas (I agree with you there) but at least in giving a professional and modern impression compared to let's say Windows XP/7. Maybe operating systems are declining in quality in general, even though organizations sometimes try to improve them. I guess legacy plays a big role here.


Saw this on the Windows 10 subreddit and got a sad chuckle out of it: https://i.redd.it/dvzzftkyzyiz.png

They definitely have a more modern design language going, but they're not exactly consistent about it.


But customer retention is still important.

I've heard of a lot of people switching away from Macs to Linux and Windows, especially with Windows building up their own official Linux subsystem now.

PC hardware is cheaper than Apple's, and hardware (even the "good stuff") becomes obsolete after 5 years anyway. Besides, most software is cross platform these days.

The only real good retention plan Apple has is that we can't release iOS apps without owning Apple hardware; there's a few Mac-specific software titles that certain professionals rely on; and a little bit of "it's overall higher quality than PCs" mindshare that some people still have either from the 80s and early 2000s, but that can't last long if Apple keeps this up.


Nah. At this rate people will simply abandon the ship sooner or later. There's definitely some deterioration going on instead of only a cynical strategy shift.

The new MBP isn't attractive anymore. The software stagnates. The only reason I keep using Mac for usual use cases is just its wonderful collection of dictionaries (I like to constantly learn new languages). I wonder why no publisher ever bothered coming up with a decent dictionary software on Windows/Linux yet instead of making do with crappy online versions. If they did I'd happily just use a Windows + Linux dual boot machine.


Surely they should care about the security of their _own_ developers, who surely program in macOS. I believe we are being too harsh on Apple unnecessarily.


> There is no reason for Apple to improve macOS, since doing so won’t make anyone switch to Macs who hasn’t already switched, and not improving macOS won’t make anyone upset enough to switch back.

I wouldn't be so sure about that. There are a lot of "about to switch" people out there, in both directions, who are just waiting for either the extra nudge or the extra reason to not switch.


It reminds me of the Windows 95/98 login.

At the logon screen, just pressing ESC got you to the desktop.

Video: https://www.youtube.com/watch?v=CAH2j9mRgUM


It's kind of similar, but that was intentional. There was even a "Cancel" button in the GUI that did the same thing.


Saying that you only care about existing users via lockin and don't expect switchers is a sure path to doom in the long run. Surely that cannot really be it.

Incompetence seems to be a more likely fit here than that.


There are probably a lot of people like me on HN who _need_ a unix box to do their work, and the various Macs are still far and away the best general purpose unix boxes available (best chassis, best peripheral compatibility, best (o|O)ffice software compatibility).

Now that Google Docs and Office 365 are "good enough" for most things, I would probably be happy to go back to Linux if there was a Linux machine that had comparable build quality yet was a bit cheaper than a Mac.


Dell XPS 15 on Linux is pretty glorious you guys. My 2011 version is still kicking amazingly well with a 1TB SSD, and the newer models are way sleek. I also have a 2013 Sony vaio with dual boot linix/windows. Haven't booted to windows for anything but updating it for years.


Can't agree more. The main thing that keeps me using OSX is Adobe Creative Cloud.

I'd mention aesthetics, but the current Linux distros look quite good, plus they're customisable.


Amazingly, this was disclosed offhand on the Apple developer forums, two weeks ago (see final comment by chethan177):

https://forums.developer.apple.com/thread/79235

(spotted by https://twitter.com/fristle/status/935670476214378496)


… as a _workaround_ for an administrator account-related bug.

I should have known that updating to a new MacOS versions before 6 to 9 months have passed is a mistake. High Sierra is in my experience the buggiest MacOS release so far, not only security-wise. The system is not very stable and APFS reduced drive performance … :(


From one bad upgrade that cost me a bunch of productivity - believe it was Lion - as well as observing the struggles of colleagues, these days always wait 6 months at least before upgrading OSX


I basically only update when (a beta of) Xcode tells me it won't run on my current version. Usually that's the point when either all bugs have been fixed or they will not be fixed before the new version.


Yea, Xcode is so annoying with this. What magical features does it use under the hood to not allow basic functionality and iOS support that seems completely unrelated to the macOS version? I have zero incentive to update macOS except Xcode telling me it needs a new version that only runs on the new one.


Xcode still needs to compile for macOS of course. It's not just for iOS development. If you want to compile for the next version of macOS you need to be on the next version.


But why? You don't need to be running the latest version of the Linux kernel to compile binaries for it. You don't need to run Windows 10 to compile programs for it. Why does Apple's compiler need to run on the same system its build target is for?


Probably also to run the actual application. But a Linux kernel is a different beast than macOS versions. macOS versions are pretty stale in terms of features to change abruptly with a new release.

But I think if you keep compiling for older versions you should be able to stay on an older version for a while without newer versions of the OS refusing to run it.

It's just that sometimes new features are introduced that require you to change something in your application because there's a new or deprecated framework. Apple likes to break things to not drag a lot of legacy around.


"If you're able to log in (hurray, you're the admin now)" Personally not very hurray


So not so much a 0day vulnerability anymore (+ 13 days ) ?


That’s absolutely terrible. Does Apple not monitor those forums at all?


Apple's support forums aren't a place where Apple provides their users with support, they're where Apple users seek support from other Apple users, mostly unhelpful and often inaccurate support.

In fact, 99% of the time the only advice you'll get is "restore your iPhone", "restore your MacBook Pro", "restore your Apple TV" and so on into bitter infinity.


Those are the support forums, GP is asking about developer forums.

Yes, Apple monitors them, but apparently not closely enough :/


Yeah, I miss the days back at the start of the decade when I would brim with delight over an email notification that a senior engineer / moderator had chimed-in on my thread on the Apple dev forums.

Checking the dev forums was my favourite thing to do in IT class at school :)

These days, I get that (especially now that they're open) the forums are too saturated with content to have engineers on the ball all the time... But the Captain Hindsight in me thinks they could have done with some keyword notifications to nip instances like this in the bud...


You forgot about "repair permissions" and "do a SMC+NVRAM reset"


> mostly unhelpful and often inaccurate support

Sorry that the free support for your expensive device does not match the quality of the non-existing support from your device vendor.


I ran into a bug with High Sierra, posted in the user forums and was contacted by a friendly Apple Engineer a day later. So they do read them, but apparently not close enough.

I could see how someone would dismiss a posting like that with an "this cannot possibly be true" shrug.


I've been a developer for a long time. I understand bugs happen, even bugs with terrible consequences. A lot of bugs seem understandable, like I can see the chain of ifs/thens required to end up at some hilarious broken state.

But I'm breaking my brain trying to figure out how in the hell a login attempt for "root" will enable it if it's disabled. Why is this is a possibility, to just enable root, no questions asked?


Seems to be something related to a backwards-compatibility code path for upgraded systems. According to multiple posts on this thread it only affects systems upgraded to High Sierra, not fresh installs. See https://news.ycombinator.com/item?id=15802622 for example. Adding extra layers for compatibility complicates testing and debugging. With this many eyes on it hopefully someone will be able to deduce exactly what's going on.


My High Sierra is a fresh install, and it's affected.


Yup. Can confirm. I installed it fresh on a VM from the downloaded installer and it is affected.


My upgraded high sierra doesn't have this problem. The theory could be backwards. Anyways, this is stunning.


Note that I had to try twice for this to "work" - maybe try again. Incredible.

EDIT: apparently, the first login attempt with root enables root login with whatever password is provided. Then, when you try again, login will work.

If that's true, we have a combined diagnostic and workaround:

Try logging in with root and a good password. It should not work (if it does, root with that password had been enabled before).

Now, try logging in again with root and that same password.

If it works, your system was vulnerable to that bug, but you've now fixed the problem, as you've enabled root and set a good password (so nobody else can log in unless they find that password).

If it doesn't work, it looks like root has been set up before with some other password (maybe empty), and it's conceivable that someone has exploited that bug on your machine before.

Is that understanding correct?


Try guest account.

I could do it on guest account, by first pressing enter after entering "root". And after a fail, clicking the unlock button.


Mine is an upgrade and does.


But at one point a root account is created with an empty password right?

There's a specific line somewhere that's doing this, in theory.

Maybe they should have opted for "create `root` with unguessable password"


No, that's a hack. And it opens new attacks, like on the hashing algorithm and poor randomness or predictability in the generation logic.


You have some pretty high standards. Being imperfect doesn't automatically make it better than the alternative of not doing it.

If the system can't generate a secure hash, or can't generate cryptographically random numbers, you're in serious trouble. Those tools are foundational to security.

Moving the problem from "a root account is created with the first password you try" to "you have to break crypt(1) or /dev/random" is basically equivalent to solving it.


Maybe something like this was added to make debugging/testing of the OS easier? maybe they just forgot to remove it before shipping the new macOS


Apparently it is not just enabling root, but setting the password the first time you do it (in other words, the blank value has nothing to do with it). Then the subsequent times it'll use the pw you set the first time.


That seems the only probable cause I've come across so far. It doesn't seem to be a backdoor because it would be more of a back-spillway-gate.


That could be the case - I can't find any other possible logical explanation, because it doesn't make any sense.


I'm having a hard time understanding how this could happen too.

It would have to be that looking up the root account enabled it, maybe users go dormant or something, and this was a way to readd them? then once it was enabled it defaulted to a blank password, but you would think that it needs sudo to enable root in the first place.


Blank password is not necessary. Any password provided on initial attempt WILL BECOME the root password. Blank is being circulated simply because that's what was discovered first.

Edit: Which also means it's possible to "secure" a vulnerable (unexploited) machine simply by attempting to log in as root with a long random password.


So by my logic - if you tried this exploit and it failed the first time, then worked the second time: No one else has tried it before you. Otherwise it would either have worked the first time (if you guessed the same pass) or not worked at all (if the first time it was tried a different pass was used).

Or is this not a permanent password set?


Well, I suppose if someone had exploited your system with this, they could probably install some remote access tool, and then disable the root account and unset the password, and remove all evidence they were there.

But, if you don't have Screen Sharing or Remote Management enabled and exposed to the WAN, you're probably safe unless someone untrusted had physical access.

It's hard to know how long this vulnerability was "known." The initial report on Nov 13th looks second hand, so it may have been circulating earlier.


If that's true (and certainly sounds plausible from what is known so far), that's a very valuable heuristic.


Not only enabled it but actually set an empty-string password. Usually the stored hash for a disabled account is not in the hash space, so it was either overwritten, or root account password was actually empty string out of the factory. That and the enabling of the account both point to debug code accidentally left in (or intentional backdoor by the disgruntled).


Login screen is probably already running as root in the first place, so it already had permission to enable shell/GUI access



To some up, when you try to log in with a disabled account, MacOS "promotes" the account but uses the _password provided by the user trying to log in_ instead of the password on file (in this case, an asterisk indicating the account is disabled). Once that is done, you can log in with that account.

IMHO these are two separate bugs: promoting disabled accounts and using the password the user typed in instead of the value in the password list.


I assume that it can't use the password in the password list as that should be hashed already.


I see your point, but it still seems kind of wacky to me. They should validate that the password is correct, then promote the account. Taking the password provided in the authentication dialog just seems like a bad idea.

Perhaps the root issue here is forgetting that the asterisk indicates that the account is disabled and shouldn't be a candidate for promotion.


I'm reminded of: "Solaris Telnet 0-day vulnerability", 2007: https://m.slashdot.org/story/80056

But this does indeed seem to be an extra level of user-friendly stupid.


Like an illusionist hiding the truth, this bug too will have a logical explanation that will leave us in wonder for as long as we aren't told how it happened.


Identity management is complex and boring.

Apples user management is even more complex than most Unixes.


OSX user management is weird. At least on prev versions, they don't show a root account in the Users & Groups ui.

A guess: there's a code path in the UI that is only tested on "mac" accounts, not the root account that the system requires to exist. Something about the non-macness of the root account interacts badly with the UI that expects to be run on a mac users account.


Another user suggested it may have to do with Apple’s new file system: https://news.ycombinator.com/item?id=15801643


You misunderstood. He's talking about a password hash storage system, not a filesystem.


Exactly, how can this happens and no one asks.


I hope a judge will order Apple to make all source code of macOS to be readable by everyone. This does not necessarily mean open source: you will not be allowed to modify and re-release it.


And that will help because Open Source security is so great?

Or because people care to inspect the codebases they otherwise use?


I don't think you understand the difference between open source and free software. Allowing everyone to read it makes it open source.

https://www.gnu.org/philosophy/open-source-misses-the-point....


Be careful testing this! It appears that you're creating a "root" superuser with no password. Be sure to clean up that user afterwords.

https://twitter.com/a_hailes/status/935601901839806464


It's worse than that. You're enabling the root user EVERY time you use this vulnerability. Even if you disable the root user in Directory Utility, logging in with root and no password will re-enable the root user.


You can simply set a root password with "sudo passwd" to close the hole.


Then you better remember the password you set, or be sure that you will always have sudo access.


And you might want to disable the root account again with `dsenableroot -d` as well, so that the root account stays disabled after the vulnerability is patched.

Unlike doing this through the GUI, this seems to retain the root password and prevent this vuln from re-occuring.


Don't disable root. The bug re-enables it with a new blank password.


It doesn't if you disable it from the shell like this, as I note in my comment.

I've tested both approaches - disabling via the GUI causes this bug to re-occur next time you try, disabling via the shell does not.


Bizarrely though, you can still use the root user (with the password that you set) to login to the Directory Utility even while it is supposed to be disabled... This behaviour seems super weird.


Yeah I've noticed this myself - I'm on the fence as to whether this is actually disabling the account or simply creating that impression (it does show as disabled in Directory Utility after you perform this command).

My hope in recommending people disable this way is that with the additional scrutiny on this subsystem, accounts disabled this way will remain genuinely disabled in a future update. Either way this doesn't seem to reintroduce the bug.

... but the whole thing is a mess overall.


I confirm, disabling from shell does seem to prevent further logins


As far as I can tell, "dsenableroot -d" seems to have no useful effect. After having "* Successfully disabled root user." with it, I can still log in to the root account with the password I set, both at the command line with "login" and from a remote machine via screen sharing.

To be flippant, I might say HN discussions seem to QA using Apple methods.


...unless you set a password, right?


I haven't upgraded to High Sierra yet and this doesn't happen on my install atm. Does adding a password to the root user stop this vulnerability? If it does then that seems way better than disabling the account until this is fixed.


You're not creating it, but rather enabling it. When the bug is triggered, the root user is enabled (per Directory Utility).


But you are creating the password for it.


This support article explains how to disable the root user: https://support.apple.com/en-us/HT204012


Do note that this doesn't fix the problem. The system (at least High Sierra) will happily re-enable the user for every attempt at logging in.


Just change the root password once the account is enabled; this fixes the hole.

sudo passwd -u root

It's sad we have to do this, though.


If you disable the root user using `dsenableroot -d` from the Terminal, this seems to disable the account in a way that leaves its password intact.


The bug isn't in the disabling, it's in the auto-enabling on attempt.


Having tested this by both approaches (disabling through GUI & shell), the above (through shell) seems to prevent this from re-occurring when you attempt to perform this bogus login again. Disabling the account via the GUI causes the failure to re-occur.


Until this is fixed it's probably better to use Directory Utility to enable root with a strong password.

/System/Library/CoreServices/Applications/Directory Utility.app

Edit > Change Root Password


The "root" superuser is always there, I'm not sure if it's possible to actually delete it.


It is disabled by default[1] (meaning you can't login as it), this vulnerability appears to enable the root user without setting a password. If the root user has already been enabled it doesn't work.

Anyone who does this should probably set a password for now and then disable the root user account once it has been patched.

[1] https://support.apple.com/en-us/HT204012


This is the best workaround for now. Enable the root user with a strong password till the bug is fixed by Apple.


oh my god


Apple uses the slogan for High Sierra: "Your Mac. Elevated."

Kind of ironic that you can easily get elevated privileges with it.


Can this be used remotely? Edit: Yes, after turning on Remote Management on my second mac I was able to log into it using Remote Desktop, account root and no pw. It only works after getting physical access once.


Yes, I just had a coworker test it after I enabled remote management and they used screensharing.app. I didn't even get notified a user remoted in.. never used screen share, that seems awful. Had to look over and ask if he was in.

edit: I should say, I did test this locally first so I don't know if a fresh machine that hasn't done it will do the same thing and let a remote account enable root.. Would like to hear if anyone tested it remotely WITHOUT doing it locally first.


You can get undetectble remote access on most machines given "physical access once", so I don't think this qualifies as "remotely exploitable".


If root was ever enabled without setting a password, the machine is then in a state that it can be remotely exploitable.

While it's unlikely, there are probably plenty of users who have done this for some reason or another.

Don't underestimate a user's ability to blindly do things like this by following arcane instructions in attempts to fix an unrelated problem.


Not according to this video:

https://www.youtube.com/watch?v=FpOH0lxEGBE

They seem to be remotely accessing the machine to both set and then use the root account.


The system needs to have some sort of remote access, like screen sharing, turned on first, then you can remotely use the root account.


It only works after getting physical access once to enable the root user by gibing any password UI the root user with no password (which will enable the local root account, which is also why it fails the first time around)


I tested this by logging in as root at a preference pane then attempting to connect via ssh and screen sharing (both enabled) using root with no password. It did not work.

Not sure if you'd get different results after logging in as root at the login screen...


Been wondering that myself since it seems that this also happens with the login screen.


"Perhaps nobody noticed two weeks ago when the root login vulnerability in macOS High Sierra was shared as a helpful tip on Apple’s own Developer forums. https://forums.developer.apple.com/thread/79235 "

https://twitter.com/fristle/status/935670476214378496


I wonder what is going on with software quality and testing at Apple. It feels like recently there have been quite a few issues like this (the FileVault password bug, numerous issues with iOS 11, the issue that totally broke iOS Safari a couple of years ago) which should have been fairly easily caught, especially given the limited range of devices their software runs on.

I know testing is hard, but a company with Apple’s resources shouldn’t be making slip ups like this. It suggests some real issues such as lack of unit/automated tests and/or sufficient release testing, which pretty urgently need addressing.

Anyone got any inside scoop?


macOS and iOS updates at Apple are now inextricably tied to new iPhone releases. There is a strict yearly deadline that the teams sprint toward, a timeline imposed by marketing rather than readiness. This affects prioritization of which features are pursued, where they lie in the stack, and how polished they get.

Insufficient testing at today's Apple is not limited to software. They bragged about their extensive input testing lab [0] when the new line of Magic accessories was released, but the Magic Keyboard with Numeric Keypad launched last summer had all of its inventory pulled from the channel last month because users discovered that the model was so thin that its midsection bowed over time.

[0]: https://medium.com/backchannel/what-i-saw-inside-apple-s-top...


Everything ends in tears when managers mix up targets/estimates with commitments


it is also that they pursue features just for the sake of it. things get moved arund in the iPad from release to release for no good reason, often going backwards in usability. every release i have to relearn simple things like how to manage the screen brightness. i really wonder what they are thinking internally other than “we need to shake things up to make it appear we’re doing something with stale products”.


It seems phones and tablets have reached the stage where laptops were maybe 15 years ago. All the major features are done and innovation is pretty much over. So they have to make a lot of cosmetic changes that look like activity.


Haven't deadlines at Apple always been driven by marketing? I'm looking for a source but I remember a story where the product director for iPod was told by steve jobs "make it simple, fast, beautiful, and have it done by Christmas."


That's sure to send shivers down the spine of anyone reading it here but, to be fair to jobs, he managed to get exactly what he wanted on that occasion.


Asking for stuff requires no talent, vision, discipline or effort whatsoever. Pretty much anyone can do it. If you don't actually deliver, you don't actually matter.


Where did you hear that the keyboard was pulled from the channel? It just seems to be out of stock for me.


Take this for the anecdata that it is. I interviewed at Apple, referred by old Microsoft friends that worked there. As I was trying to get a feel for things before the interview, I asked about the software testing. I was told, "don't expect what you're used to at Microsoft". The reference there is from when Microsoft often had more testers on a team than devs (ah, the good ol' days). The summary of what I was told by friends, and the questions I asked during the interview, is that testers at Apple aren't the testers that Microsoft used to have. Microsoft had testers working in MS Research, researching ways to better test software. Apple, from the impressions I got, is doing good to have testers than can write "hello, world". This was from the app side of things, not OS; I don't know if it's any different on the OS side.

But since I don't work there, I have no good inside info. But just from gut feel, I don't think my anecdata is too far off the mark. Based just on the bugs made public, I just don't get the impression that there are testers at Apple whose sole reason for being there is to tear into a piece of software and break it. There was a bug a few weeks ago posted to HN that I commented on. I don't have a link without digging through my comments, but it was something along the lines of "how could a tester not find this in five minutes of exploratory testing?" This bug is similar. It would take more than five minutes, but were this my area to test I'd pick at it once in a while when I had a few minutes. As I pick at it, I wouldn't expect to find anything, but I've got a minute between builds, so instead of randomly clicking Facebook I'll randomly click this dialog. What did the dev forget? What weird state was not accounted for? Some kind of state overflow if I click the button enough times? Shove some Unicode in there, that didn't find anything; meh, maybe I ought to move o...hey, wait a minute. Did that thing just log me in as root?

But my gut says that Apple doesn't employ a lot of testers like that.


As a Tester myself, I cannot understand why this is not covered by either unit tests or behavioral tests. Clicking dialog buttons in rapid succession is what we (should) do once in a while. Especially in core functionalities such as the login screen. It's one of the first screens you see as a tester. And you have default usernames, be it enabled or not.

For example, I do not own an iPhone, but at work, I made a bet with my colleague (jokingly) that I could break _something_ on his phone in a few minutes.

I did not have his finger print or pin-code, so I was very limited, I even joked "I don't need that, give it here!"

Finding out I only had a hand full of options, I focused on the emergency dialer. As any good tester would be curious about, I wanted to check the max field length, so I entered digits, copy/paste it a few times, copy/paste that string, ("wait, no limit? Not even at 1000? why?") and so on, until I noticed the interface became laggy, so of course, I kept going.

Boom, suddenly back at the login screen, tried to open the emergency dialer, but got a full blank white screen, in the meantime the phone started heating up substantially. Since it was a new Phone (iPhone 7 with iOS 10.x I believe) and the dev getting nervous, we decided to reboot it. That fixed the issue. (Curious if this is still an issue in iOS 11.x)

TL;DR: As a tester this simple curiosity should be in your blood, and especially covered in behavioral tests when your software has been around for 5+ years.


I got my friends Apple Watch stuck last week just by looking at it's features. IIRC it got stuck while using the "flashlight". It suddenly froze, and it took me a while to reboot it (it got stuck once more while rebooting).

All in all, it took me about a minute to break it, and around 5 minutes to get it working again. I was getting a bit nervous.


This bug isn't caused by rapid succession or whatever, it's more of a generic end to end test. In this case someone would have had to write an exact scenario that opens a settings page, unlocks it, types in 'root', no password, presses login and it should not work.


Rapid succession button clicking usually combines many different tests:

- Performance

- Usability

- Brute-force capabilities

- Error handling

- And in this case, Security, a bug where trying to log in a couple of times on the Login screen with an empty, or set, password.

A test scenario closer to this would be:

---

When I am on the login screen

And I enter 'root' in the 'Username' field

And I enter 'thispasswordisfalse' in the 'Password' field

And I press the 'Login' button '10' times

Then I should see the text 'Your password is invalid'

---

Please note that this issue is not just in the Settings page, it takes place on the login screen as well, that's why I'm shocked, it's such a core functionality, touching so many system components.


In this case, any password works. The blank one is just the initial example. The password is set to whatever you typed, even if nothing.


> But since I don't work there, I have no good inside info

Actually, I've been wondering why I hear less about people working at Apple than at other big tech companies. It seems everyone and their mother work at Google or Facebook, but no so much at Apple. Do they have less software engineers, or their employees are required to be more discrete?


Do they have less software engineers, or their employees are required to be more discrete?

I know but a few that work at Apple, and of those few they strike me as less forthcoming than the multitudes I've worked with and know at Microsoft. I've wondered if part of that is because Microsoft previews/pre-announces just about everything, whereas Apple (mostly, and not so much anymore) announces it when the shipping trucks show up at the local Apple store.

So the outcome from the Microsoftie is, "it'll do this that and the other, but that's all I can say right now." From a recent conversation with an Apple employee: "they make me go in a special room to use the hardware, and I can't work from home. That's all I can say."

Probably more so, last I looked, Apple has considerably fewer software employees than the other big companies.


> Probably more so, last I looked, Apple has considerably fewer software employees than the other big companies.

I don't think this is true. Apple, Google, and Microsoft all have on the order of 100K employees.


Keep in mind that Apple directly employs retail staff.


Point taken. A closer look shows that about half of them are part of Apple corporate.


> or their employees are required to be more discrete?

Yes, I believe so. I've heard there are strict requirements on even internal discussion. (Who you can talk to; about what; where.)


I believe there was an article about how Apple was finding it extremely difficult to hire ML experts because of the secrecy they require. In order to mitigate that they mad an exception for their ML/AI engineers allowing them to publish papers to external journals and present at conferences.


Presumably this is why their software is increasingly shoddy. But I wonder whether it's a direct effect of poor internal communications, or an indirect effect where the ludicrous secrecy has driven away any half-decent programmers.


Could it be the level of secrecy around Apple? I see responses for Google and Facebook devs on HN a lot but never Apple.

The only people I know locally that work for Apple are remote customer support folks.


Apple probably doesn't take too kindly to their employees talking about their work. I'd imagine it's a fire-able offense.


it is everywhere else too, but people do quit...


Unrelated to Mac OS but I used to wonder all the time why iTunes connect was so shoddy. I got my answer when I learned Apple had outsourced a ton of backend work including iTunes Connect, App Store backend to Infosys in India.

They’re now retreating from that strategy: https://factordaily.com/apple-to-pull-back-development-work-...


Everyone retreats from that strategy.


well that explains allot, iTunes store/ App Store have always been painfully slow, compared to doing anything in Safari.


It seems apple's software has been trending down in quality since Snow Leopard.


I'll agree that Snow Leopard is the high water-mark.


It's common among a small group of Mac users to hold Snow Leopard up as the peak of software quality, but only because of rose-colored glasses [1].

[1] https://www.computerworld.com/article/2528936/mac-os-x/snow-...


It's the last release they made any significant updates to the BSD userland. I'd mark this as the release they ceased serious investment into the operating system itself. After this point it's almost nothing of note. If you look at the dates of the various tools etc., this release is when they were last updated. Many are now getting on for being a decade out of date. The only major change has been the switch to llvm, and they made that horribly painful.

It also marks the decline of the desktop UI to introduce increasing amounts of iOS-like behaviour and appearance to the detriment of a usable desktop. Like proper scrollbars etc.

While some nostalgia might account for holdouts, it was the peak of MacOS in the minds of many, including myself. As a developer, I've been quite disappointed by its direction and declining quality. For the amount we pay for this hardware, it's not much to ask for some basic maintenance work and testing to be done.


I remember my Macbook's battery life being significantly extended by an OS upgrade; either Leopard or Snow Leopard.


There's been releases ever since that improve battery life, or, keep it the same while doing more; background apps get throttled, graphics rendering has been optimized using Metal, and in future Mac devices, I'm sure they'll put their mobile processors in it to handle background tasks - it might even be strong enough to power the next generation of Macbook Air.


Mavericks was a big one for extending battery life. It came quite a bit after Snow LeopRd and introduced timer coalescing which significantly improved battery life across the board for all MacBooks:

https://m.imore.com/mavericks-preview-timer-coalescing


I should have specified I meant 10.6.8 I ran it on my main computer until 10.9.2 because of the problems I had experienced with Lion and Mountain Lion on other computers.

Also I think when most people think of Snow Leopard they're thinking of 10.6.8, at least that's the version number you always see get thrown around on the internet.


The last High Sierra update will have less bugs than the next major release too, so I don't think that's really relevant.


Your right but I think the biggest Issue is Apple does much more frequent releases now than when they were doing Snow Leopard. So more iteration hence more stable OS.


I have been in the apple ecosystem for about 10 years. For a company that has been priding itself on end user security, the bugs that have been creeping their way into the OS are just... disappointing. What is the point of paying a premium for a well polished hardware/software bundle if the OS is malfunctioning in a non trivial manner. Design? Right now when I use my calculator app on my iPhone and do 2+2+2 I get 24. That's a pretty awful design. Actually, it's a lie.


It can't be a coincidence that this was the last major release before Steve Jobs died.


It can’t be a coincidence because it’s not true. Lion was released well before SJ’s death.

Unless you’re arguing Lion wasn’t major because you didn’t like it, but that’s an argument that proves to much, methinks.


3rded. I wish time stopped at 10.6.8.


Apple has always had QA issues, the difference now is that they’re increasingly tested by the users, hackers, etc.


Difference? MacOS userbase hasn’t changed much since 2011, I thought?


I've no information on how good this site's data is, but https://www.statista.com/statistics/218089/global-market-sha... seems to show that from 2013-2017 global macOS market share has increased from 7.95% to 11.3%.


The loss of people like Avie Tevanian and Bertrand Serlet took its toll.

Are there any "(tech) household name" engineers doing system-level work on iOS/macOS these days? It seems like Google and Facebook have a slew of them.


Dominic Giampaolo of BeOS/BeFS fame. He now works on APFS at Apple. Their work is really - impressive APFS was announced in June 2016 and rolled out on iOS devices in March 2017. Given that the APFS roll-out was relatively uneventful and how they tested it [1], it seems that they can still do low-level engineering and proper testing.

Of course, until recently they had Chris Lattner as well.

[1] For some iOS releases, they converted HFS to APFS in-place, report the results back to Apple, but did not write the APFS 'superblock' to keep the filesystem HFS+. It's quite a smart idea, because they got reports from millions of devices without actually switching them to APFS.


Whilst APFS is an improvement and I fondly remember using BeOS back in the day, I am not sure APFS is that impressive feature-wise compared to NTFS. It's still miles behind NTFS, which is now ancient.


In the case of Facebook, all the “household named” developers do nothing to improve the quality of their output, be it their user-facing software or developer-facing open source.


Repressive collusion to fix salaries and restrict industry movement, doesn't really inspire your employees to try their best


> Anyone got any inside scoop?

I have a feeling that anyone who does would get fired for commenting here about it.


You have to think that whoever was responsible for testing this is going to get fired. This is egregiously bad...


This is a management issue. It shouldn't be possible for such a mistake to slip into production code. It has happened more than once in recent times.


iTunes had QA problems for more than 10 years, only the early versions were really solid. I am not sure that it is a recent problem.


Subjectively it feels like Apple bugs have become larger and more prevalent, over the last few years. That and IMO clean OSX/iOS installs don't quite feel as polished as they used to. (I stopped using Apple products, except for a MBP, for a few years and recently started using them again, and the MBP still runs 10.10 for precisely this reason) The last solid OSX release was Snow Leopard


They've added features over the years without removing or polishing them; there's Launchpad which was added in a period where OSX seemed to lean towards becoming touch-friendly, but it didn't replace any existing feature (iirc) and just feels off. Might just be me though. Notification center? Don't use it.


A [?] don't know what you are talking about.


I've experienced lots of issues wiht IOS and High Sierra as well. Apple definitely reduced their software quality since IOS 11.


And seeing this I am wondering why people still trust closed-source software. My long term dream is using 100% free software on a HW with minimum binary blobs.


This also can happen in open software. So I don't think your comment is valid.

Open software enables people to take a look inside to what is going on. It isn't a cure for bug free development.


It reminds me the KMail bug: https://www.ctrl.blog/entry/kmail-cve-2017-9604-openpgp

Some security bugs exist in the Linux/BSDs kernels for a loooong time before someone notice and fix it (e.g., https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20pre...)


Anecdotal but I started noticing a decline in quality after Steve Jobs died.


i'm still wondering if that impression ( which i share) is real or not.

At the minimum, i'd say i feel apple release less innovating os versions while producing at least the same number of bugs.

More

Applications are open for YC Winter 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: