Rui Carmo, writing at Tao of Mac about the recently popularized root security bug in macOS:
“The fact that this has been out there in the wild for weeks (and apparently exploitable via Apple Remote Desktop, too) is amazing, and further damning evidence that Apple’s QA has been slipping beneath any sort of tolerable threshold.”
It would actually be strange for the QA team to think to try this specific hack. The primary job of a QA team is not to invent weird edge cases. The failure here isn’t company-wide or institutional, unless you allow your confirmation bias to make it so. If we’re looking to point fingers, we should point them in this case at the engineers who made this bug, not the QA team. This bug is so specific that it’s difficult to imagine that the engineers didn’t deliberately manufacture it, either as a poorly judged inside joke, or as a sandboxed solution that they never meant to ship to everyone.
Rui goes on:
“macOS seems to be falling into full-fledged neglect, and as a primarily UNIX user, I’m flabbergasted this kind of thing is even possible in 2017.”
Despite its flaws, macOS is the best desktop operating system for many people. The root account bug is only a symptom of a bigger issue if you approach it with that presupposition, which I do not. This bug should only flabbergast people if it had remained in the wild for six months whilst Apple knew of it, but that’s not the case; Apple’s already issued the fix. No matter how first-class a team is, it will still ship bugs to its users. Therefore, you mustn’t judge an operating system’s health by whether it has obscure bugs, but by whether its engineers are dedicated to solving them. As Manton wrote, this means that “There’s hope for us small developers too.”