Skip to content

November 29, 2017

Apple fixes macOS bug allowing full access without a password (updated)

by John_A

It didn’t take long for Apple to patch that nasty macOS High Sierra flaw that let intruders gain full administrator access (aka root) on your system. The company has released Security Update 2017-001, which should prevent people from gaining control over a Mac just by putting “root” in the username and hitting the Return key a few times. Needless to say, you’ll want to apply this fix as soon as you can if you’re running Apple’s latest desktop OS.

The practical threat of this exploit is fairly low, as it requires that someone have physical access to your Mac. You could also thwart it by setting a root password. The concern, of course, is that this is a disconcertingly simple trick — it wouldn’t take much for someone to access your unattended MacBook in a coffee shop. As good as it is that Apple is fixing the bug quickly, it ideally wouldn’t have been there in the first place.

Update: Apple has issued a statement on the patch. It has apologized for the flaw, noting that “customers deserve better,” and is reviewing its “development processes” to prevent a repeat. Also, you’ll soon have this update as a matter of course: Apple will automatically install it on all systems running macOS 10.13.1 sometime later today. You can read the full statement below.

“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

Source: Apple

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: