OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.
And this hasn't been patched with a security update?
I work for the Department of Redundancy Department
