Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to a security flaw in Apple's products has happened again within the same organization. In January, a security loophole in MacOS High Sierra was discovered, allowing anyone with access to a Mac to bypass password protection [69256]. This incident was the second time in two months that Apple had been hit by password-based bugs in High Sierra, with a 'root user' flaw discovered in December. Apple fixed the bug in beta versions of the next macOS High Sierra update, which was rolled out to the public in January [69256].
(b) The software failure incident related to a security flaw has also happened at other organizations. The incident involved a bug in the Google Chrome Remote Desktop application for Mac, which allowed hackers to access an admin account on Apple Macs via the Google extension without needing a password [69256]. This incident highlights a vulnerability in the Google Chrome Remote Desktop app that could potentially be exploited by attackers. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the discovery of a bug in the Mac version of the Google Chrome Remote Desktop app, allowing hackers to access an admin account on Apple Macs via the Google extension without needing a password. This security flaw was unearthed by Check Point Research [69256].
(b) The software failure incident related to the operation phase can be observed in the 'embarrassing' loophole in MacOS High Sierra that lets anyone with access to a machine bypass password protection. This flaw allowed hackers to disable automatic security updates and take advantage of system vulnerabilities that are regularly patched in future updates [69256]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system:
1. The software failure incident related to the Google Chrome Remote Desktop application for Mac was due to a bug that allowed hackers to access an admin account on Apple Macs via the Google extension, bypassing the need for a password [69256].
2. Another software failure incident involved an 'embarrassing' loophole in MacOS High Sierra that allowed anyone with access to a machine to bypass password protection, enabling them to disable automatic security updates and take advantage of system vulnerabilities [69256].
3. Apple had previously been hit by a 'root user' flaw in High Sierra, where anyone could log in to a computer running MacOS High Sierra without a password via system preferences, using the root user account [69256].
(b) outside_system:
1. The software failure incident involving the Google Chrome Remote Desktop application for Mac was exploited by hackers who could access an admin account on Apple Macs through the security flaw in the Google extension [69256].
2. The software failure incident related to the 'embarrassing' loophole in MacOS High Sierra allowed attackers to bypass password protection and disable automatic security updates, potentially compromising system vulnerabilities [69256].
3. The 'root user' flaw in High Sierra, which allowed anyone to log in without a password, was a vulnerability originating from within the system [69256]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The software failure incident related to a security flaw in the Google Chrome Remote Desktop application for Mac allowed hackers to access an admin account on Apple Macs via the Google extension without needing a password. This flaw was discovered by Check Point Research [69256].
- Another security flaw in MacOS High Sierra was discovered that allowed anyone with access to a machine to bypass password protection, enabling them to disable automatic security updates and take advantage of system vulnerabilities [69256].
(b) The software failure incident occurring due to human actions:
- The security flaws in the Google Chrome Remote Desktop application and MacOS High Sierra were identified as vulnerabilities introduced by the software developers or system administrators, which could be exploited by hackers [69256]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The articles mention that almost all of Apple's devices were affected by Intel and Arm chip 'design flaws' that could expose personal data to cyber criminals [69256].
- The 'Meltdown' and 'Spectre' bugs, which were discovered by security researchers, put billions of people worldwide at risk of being hacked by exploiting hardware vulnerabilities in chips from Intel, AMD, and Arm [69256].
(b) The software failure incident occurring due to software:
- A bug was discovered in the Mac version of the Google Chrome Remote Desktop app, allowing hackers to access an admin account on Apple Macs via the Google extension without needing a password [69256].
- Another security flaw was found in MacOS High Sierra that allowed anyone with access to a machine to bypass password protection, enabling them to disable automatic security updates and take advantage of system vulnerabilities [69256]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident related to the Google Chrome Remote Desktop application for Mac and the MacOS High Sierra operating system can be categorized as malicious. The incident involved a bug that allowed hackers to access an admin account on Apple Macs via the Google extension without needing a password. This vulnerability was exploited by attackers to gain unauthorized access to sensitive information on Mac computers [69256]. Additionally, another security flaw in MacOS High Sierra was discovered, which allowed anyone with access to a machine to bypass password protection, potentially leading to unauthorized access and manipulation of system settings [69256]. These incidents demonstrate that the failures were caused by contributing factors introduced by malicious actors with the intent to harm the system. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was poor_decisions.
The incident involving the Google Chrome Remote Desktop application for Mac was due to a security flaw that allowed hackers to access an admin account on Apple Macs via the Google extension without needing a password. This flaw was discovered by Check Point Research (CPR) [69256]. Additionally, there were previous concerns regarding Macs, including a 'root user' flaw in MacOS High Sierra that allowed anyone with access to a machine to bypass password protection [69256]. Apple had also been hit by password-based bugs in High Sierra, with a 'root user' flaw discovered in December [69256]. These incidents highlight poor decisions in software development and security measures that led to vulnerabilities being exploited by hackers. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence can be seen in the discovery of a bug in the Mac version of the Google Chrome Remote Desktop app. The bug allowed hackers to access an admin account on Apple Macs via the Google extension without needing a password. This vulnerability was unearthed by Check Point Research [69256].
(b) The software failure incident related to accidental factors can be observed in the 'embarrassing' loophole discovered in MacOS High Sierra that allowed anyone with access to a machine to bypass password protection. This flaw could be exploited to disable automatic security updates and take advantage of system vulnerabilities. The issue was first highlighted via a bug report on the Open Radar developer community website [69256]. |
Duration |
permanent, temporary |
(a) The software failure incident related to the Mac version of the Google Chrome Remote Desktop app allowing hackers to access an admin account on Apple Macs via the Google extension can be considered a permanent failure. This is because the security flaw was present in the software itself, allowing hackers to exploit it to gain unauthorized access without needing a password. The incident was not a one-time occurrence but a vulnerability that persisted until it was identified and fixed [69256].
(b) On the other hand, the incident related to the 'embarrassing' loophole in MacOS High Sierra that allowed anyone with access to a machine to bypass password protection can be considered a temporary failure. This was a specific flaw in the operating system that allowed users to bypass password protection under certain circumstances, such as accessing the App Store preference pane from System Preferences and entering a bogus password. This vulnerability was not a permanent issue but rather a specific loophole that could be exploited under certain conditions [69256]. |
Behaviour |
omission, value, other |
(a) crash: The articles do not mention any specific incidents of the software crashing.
(b) omission: The articles mention a security flaw in the Google Chrome Remote Desktop application for Mac that allows hackers to access an account without needing a password, bypassing the intended security measures [69256].
(c) timing: The articles do not mention any incidents related to timing failures.
(d) value: The articles discuss multiple instances of software failures related to value, such as the 'embarrassing' loophole in MacOS High Sierra that allowed anyone with access to a machine to bypass password protection, as well as a bug in the App Store preference pane that granted access with a bogus password [69256].
(e) byzantine: The articles do not mention any incidents related to byzantine behavior.
(f) other: The other behavior observed in the articles is a security flaw that allows unauthorized access to admin accounts on Apple Macs via the Google Chrome Remote Desktop app, bypassing the need for a password [69256]. |