Hacker News
Mac Accepted Any Root Cert, Making Code Signing Useless (worthdoingbadly.com)
74 points by anonymouse008 on Oct 9, 2022 | 9 comments


"For years, macOS allowed any root certificate when checking code signatures, making code signing completely useless."


"Think Different".


My thoughts exactly. I upvoted this despite some clueless folks downvoting you.


patched in macOS 12.4 / iOS 15.5


I'm surprised Apple has no comprehensive test suite for this


There was that brief period where repeatedly pressing enter on the Lock Screen with an empty password field would eventually let you in as long as you had never seen a `su` password. And if I recall there was also a bug where the password hint would show your password in clear text?


This is old news, right? Did they not change this yet?


> This is old news, right?

The article is from July 2.

> Did they not change this yet?

First line of the article: "patched in macOS 12.4 / iOS 15.5"


Even if it's already patched, the fact that it was exploitable for years makes it very much relevant. And of course, those with older computers that can't be updated to the latest macOS are still vulnerable.



