November 30, 2017 by

Apple Pushes Update to Fix Major Mac OS Vulnerability

Apple has issued an emergency patch after admitting to a major security flaw that enabled anyone to access a Mac without a password.

First reported by TechCrunch, a major flaw on Macs running the latest version of High Sierra allowed anyone to login to the device by simply putting “root” in the usernames’ field. The interface is easily accessible through the ‘Preferences’ field and essentially enables anyone with physical access to the computer to be authenticated as its owner. The vulnerability even allows the malicious entrant to add administrators, change critical settings and even lock out the real owner. Such was the severity of the flaw that both the US and the German governments issued alerts to Mac users, advising them to install the subsequent patches.

“The security flaw affected all Macs running the latest version of High Sierra (at least version 10.13.1 — 17B48). On the login screen or in the preference panel, you could bypass all security screens by entering the root username and no password. Multiple persons at TechCrunch tested the flaw and could replicate it effortlessly,” the TechCrunch report read.

 Suffice to say, the major flaw set Apple scrambling for a fix and pushed out a security update for macOS High Sierra systems.

The description for the security update is telling in how serious the flaw is. “Install this update as soon as possible,” the update urged.

On Wednesday, Apple said it would review its entire software development process.

A statement from the tech giant said:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. We greatly regret this error and we apologize to all Mac users. Our customers deserve better. We are auditing our development process to help prevent this from happening again.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Apple Partners Allianz to Offer CyberCrime Insurance Perks

A new partnership between Apple, Cisco and insurance firm Allianz SE will see businesses using...

Read more arrow_forward

Happy New Year: Researcher Drops MacOS Zero-Day Root Access Kernel Exploit

To ring in the new year, a security researcher on New Year’s Day disclosed an unpatched security...

Read more arrow_forward

MacOS Zero-Day Flaw Exposes Passwords in Plaintext

A critical flaw in the newly-released version of macOS, High Sierra, allows rogue applications to...

Read more arrow_forward