Reports Some Mac Computers Compromised By Bug

Reports Some Mac Computers Compromised By Bug

Reports Some Mac Computers Compromised By Bug

The flaw let you log in to any Mac running on High Sierra by simply typing in "root" in the username field and leaving the password blank. Many security researchers said this was a glaring oversight that Apple should have caught, particularly given its reputation for high standards and a reputation (rightfully or not) for better security than PCs. Enter username: root and leave the password empty.

It was reported a few days back that a bug had been discovered by Turkish developer Lemi Orhan, which allowed anyone to easily break into Apple's Mac operating system's security protections.

"By testing this vulnerability on your own computer, you'll end up creating (or modifying) a persistent root user account on your system". A locked screen isn't vulnerable to this attack, and full disk encryption seems to stop it as well, but a powered-off Mac running High Sierra can be rebooted and penetrated with no problem at all.

Apple has responded to the reports and assures a software fix is on its way. They can snake their way in using the Mac's screen share feature. "If a Root User is already enabled, to ensure a black password is not set, please follow the instructions from the "Change the root password" section".

It can reportedly be exploited on an unlocked Mac, bypassing security settings and allowing things such as File Vault encryption and the firewall to be turned off.

Customers trying iPads in an Apple store
Security flaw in macOS High Sierra lets anyone access your computer

No doubt a speedy update from Apple on macOS will aim to address the bug.

CoyoteDen said: "Oh my god that should not work, but it does". In fairness to Apple, it's the simple kind of error that even security testers might skip checking, because no one expects an error this obvious to get made in the first place.

In a statment, the firm said: "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS".

And yes, if you've been waiting to upgrade to High Sierra, pat yourself on the back. When that happens, "Make sure to update your Macs and MacBooks at your earliest opportunity after it is released", he added.

Related news