1. 47

    https://forums.developer.apple.com/thread/79235

    November 13th, this was a known behavior

    1. 6

      Your comment should be on the top. Looks like apple should have responded two weeks ago. It would be interesting to study how widely exploited this bug has been. Does anybody have an estimate how many people could have seen that solution post on the developer forum?

      1. 2

        Does anybody have an estimate how many people could have seen that solution post on the developer forum?

        One fewer than should have seen it.

      2. 3

        So odd… The solution of entering “root” twice is given as if that’s just kind of a normal thing to do if you need to create an admin account. Is this behavior perhaps actually intentional, but should only work if there are no existing admin accounts?

        1. 1

          Here is the security patch: https://support.apple.com/en-us/HT208315

        1. 3

          This is one of the reasons why I use a rather simple terminal (st - https://st.suckless.org/) for daily use. The code size with 4k LoC is still something you can have a look at.

          1. 2

            st doesn’t even have the ability to scroll. Comparing it to iTerm2 which has a ton of functionality is a joke. People are using iTerm2 for that extra functionality or else they’d just use Terminal.app.

            1. 1

              Just use that patch: https://st.suckless.org/patches/scrollback/

              However, you’re missing the point. This discussion is not about “ton of functionality”, it is about security and privacy. The bug complains about a privacy issue. And if I want to have a terminal that respects both I need one which can be easily reviewed. I suspect st is more easy to review than iTerm2…