Apple rushes to fix major password bug

Apple has said it is working to fix a serious bug within its Mac operating system.

The flaw in MacOS High Sierra - the most recent version - makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights.

“We are working on a software update to address this issue,” Apple said in a statement.

The bug was discovered by Turkish developer Lemi Ergin.

He found that by entering the username "root", leaving the password field blank, and hitting "enter" a few times, he would be granted unrestricted access to the target machine.

Mr Ergin faced criticism for apparently not following responsible disclosure guidelines typically observed by security professionals.

Those guidelines instruct security experts to notify companies of flaws in their products, giving them a reasonable amount of time to fix the flaw before going public.

Mr Ergin did not respond to those claims when asked on Twitter, and the BBC was unable to reach him on Tuesday.

Apple would not confirm or deny whether it knew about the flaw beforehand.

However, a member of Apple's support forums had posted details of the flaw more than two weeks ago, though the message appears to suggest the vulnerability could be a useful feature for troubleshooting rather than a critical security threat.
Source: http://www.bbc.co.uk/news/technology-42161823

https://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/
 
Maybe if they spent less time on 'live emojis' and more time on things that were actually useful, **** like this wouldn't happen. :rolleyes:
Considering it would be completely different teams working on both, this doesn't make much sense. Besides, animated emojis are funny as ****.
 
Tested and the same here - I wonder how long it's been like that, whether it's just a High Sierra thing. I don't have a Mac here with an earlier version of OS X to try. Absolutely unbelievable.
 
That's the problem. Loads of fragmented Dev and QA teams all working in their little bubbles reporting to different management streams.

I guess someone forgot to relay the code on somewhere.. I wouldn't like to be the one who is responsible right now for that bit of code! I dare say they will be working on a fix right now!

EDIT: A security fix has just been released in the App Store > updates! Go get it ASAP.
https://support.apple.com/kb/HT201222
 