Apple releases security update to fix major operating system flaw

Posted Ноября 30, 2017

Everyone with a Mac needs to set a root password NOW. You can also open the App Store on your Mac and click the Updates tab to check for new software.

Click then lock icon in the Directory Utility window, then enter an administrator name and password. All local admin accounts (including the root account on Macs) should have unique passwords that are randomly created and regularly rotated. And this is not the first bug discovered in macOS High Sierra operating system.

The bug does not appear to affect previous versions of MacOS, including Sierra, El Capitan or any older versions.

Ergin, a Turkish software developer and founder of Software Craftsmanship Turkey, told his followers that "Anyone can login as "root" with empty password after clicking on login button several times." .

Even though you couldn't exploit this hole remotely, at least by default, it was an astonishing lapse by Apple. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and File Vault with this method.

'Then use "root" with no password. As per the researchers, the bug allows practically anyone gain root access of a Mac running on High Sierra by simply typing "root" as the username during the prompt for logging into the machine with multiple users.

One Twitter user called Mike Hanley said: "This is not the password-less future we all had in mind".

Indeed, the basic flaw is not something we've come to expect from Apple, but the company has moved quickly to address the issue.

With those privileges, the account can be used to modify the rest of the Mac and look up passwords on the keychain access.

Apple has released a step-by-step support guide to enable password protection on the root user.

'If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the "Change the root password" section'. A unsafe bug in the operating system allowed any user anywhere to gain entrance to your files and your saved information on your computer just by typing a single word.