Apple releases update to fix macOS High Sierra bug, apologises for the error
After reports on Tuesday that a bug in macOS could allow practically anyone with access to a Mac running on High Sierra to gain root access by simply typing "root" as the username, Apple quickly responded by releasing an update to fix the flaw on Wednesday. The company's spokesperson said in a statement that the patch can be manually downloaded (via the support page), and the update would be automatically installed on all systems running High Sierra later in the day.
"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again," an Apple spokesperson told India Today Tech.
The MacOS flaw was initially disclosed by security researchers publicly on Twitter. According to the researchers, the bug gives hackers full control of a Mac running on High Sierra by simply typing "root" as the username during the login prompt. After entering the username, the attacker could leave the password field blank and hit the unlock button twice, making it extremely simple to gain access to any infected Mac.
As far as security is concerned, the macOS bug can be seen as one of the most potentially dangerous flaws that Apple has faced. The ease with which this flaw could give a malicious attacker total control of a Mac is highly terrifying and surprising considering Apple's focus on security and privacy. But it is good to see Apple respond to the bug within 24 hours of detection, and the Cupertino giant sounds genuinely disturbed and embarrassed that a critical flaw like this passed under their radar.
"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again," an Apple spokesperson told India Today Tech.
As far as security is concerned, the macOS bug can be seen as one of the most potentially dangerous flaws that Apple has faced. The ease with which this flaw could give a malicious attacker total control of a Mac is highly terrifying and surprising considering Apple's focus on security and privacy. But it is good to see Apple respond to the bug within 24 hours of detection, and the Cupertino giant sounds genuinely disturbed and embarrassed that a critical flaw like this passed under their radar.
Comments
Post a Comment