Apple High Sierra Bug Lets Anyone Log Into Your MacBook/iMac


The flaw allowed anyone with access to the system to log in using the "root" account - which gives full administrative access to the computer - without using a password.

Once this simple process is complete, rogue users gain authentication as a system administrator. If you do not already have a Root User enabled, you'll have to head over to that same Apple Support link as we've quoted above, and enable it.

In a statement, Apple said that it's "working on a software update to address this issue".

Warnings about the bug were shared by computing experts such as Edward Snowden, who described Apple's operating system as "really bad" on Tuesday.

Other Twitter users asked Ergin whether he had directly informed Apple about the vulnerability before making it public, urging him to be responsible in his disclosure.

"A password prompt that authenticates as root with an empty password would be a black eye for any OS".

Apple responded to Ergin's tweet, asking for details about the problem and adding that they are looking into the issue. In the Directory Utility menu bar, select Edit > Enable Root User, then enter the password you want to use. "Are you aware of it @Apple?"

The bug affects macOS High Sierra 10.13.1 and 10.13.2 Beta. While there are obvious concerns about the vulnerability enabling people to access a Mac, people are also anxious about the implications for malware attacks.

Yet despite this, Apple has enjoyed a good security reputation for many years, although flaws, bugs and vulnerabilities are increasingly being discovered and patched. That's it, you're then instantly logged in as a "superuser", which means you have read and write privileges on system files, including what's in other macOS accounts.

"The good news is that as of right now, there is not any mention of malware that leverages this security flaw". For years Apple computers were more secure, but that was because their market share was so small that few hackers were interested in writing software to attack the company's userbase.