A day after it was revealed that macOS High Sierra had a massive security problem that allowed unauthorized users to easily log into a Mac with admin access, Apple has released a patch for the bug. SEE ALSO: Apple's 10 biggest screw-ups, rankedYesterday Twitter user Lemi Ergin publicly revealed that if a user types "root" into the User Name field that comes up when making changes to System Preferences, and then hitting enter, the user will gain root-user access. They'll also be able to log into the Mac anytime simply by going to "Other" at login and typing the "root" username again. This Tweet is currently unavailable. It might be loading or has been removed. The security flaw apparently only exists on macOS 10.13.0 or later. Apple quickly published a seven-step workaround for preventing anyone from taking control of a Mac this way, and now the company has released an official patch in a security update (download it here). You'll need to be running the latest version of High Sierra (10.13.1) to implement it. The notes in the security update say it specifically addresses the flaw. As for the cause, the notes say, "a logic error existed in the validation of credentials. This was addressed with improved credential validation." An Apple spokesperson told Mashable:
Security problems and patches happen all the time, although they are rarely this egregious, or this easy to exploit. It's also just the latest high-profile software problem haunting Apple -- the company recently had to patch a bug on iPhones that would substitute the letter "i" with a strange "A[?]" character for some users. Featured Video For You Can this drag queen trick the iPhone X's Face ID? |
Flinks
Links