Apple has issued an emergency patch after admitting to a major security flaw that enabled anyone to access a Mac without a password.
First reported by TechCrunch, the flaw on Macs running the latest version of High Sierra allowed anyone to log in to the device by simply entering “root” in the username field. The interface was easily accessible through the ‘Preferences’ panel and essentially enabled anyone with physical access to the computer to be authenticated as its owner. The vulnerability also allowed the intruder to add administrators, change critical settings and lock out the real owner. Such was the severity of the flaw that both the US and German governments issued alerts to Mac users, advising them to install the subsequent patches.
“The security flaw affected all Macs running the latest version of High Sierra (at least version 10.13.1 — 17B48). On the login screen or in the preference panel, you could bypass all security screens by entering the root username and no password. Multiple persons at TechCrunch tested the flaw and could replicate it effortlessly,” the TechCrunch report read.
Suffice it to say, the flaw sent Apple scrambling for a fix, and the company pushed out a security update for macOS High Sierra systems.
The description for the security update is telling in how serious the flaw is. “Install this update as soon as possible,” the update urged.
On Wednesday, Apple said it would review its entire software development process.
A statement from the tech giant said:
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. We greatly regret this error and we apologize to all Mac users. Our customers deserve better. We are auditing our development process to help prevent this from happening again.”