Earlier today, macOS users discovered an alarming security flaw that could grant admin access to the system right from the login screen. The bug meant that Macs running High Sierra could be accessed just by typing “root” and pressing enter a number of times. It was an incredibly basic security flaw that was somehow missed by the software team. Fortunately, due to the severity of the issue, Apple was quick to respond with a patch.
The security bug was essentially like someone breaking into your car because you left your keys in the door. The issue was present in macOS version 10.13.1, and it could allow someone to access all files and folders, change passwords, remove an Apple ID, etc.
Just tested the apple root login bug. You can log in as root even after the machine was rebooted pic.twitter.com/fTHZ7nkcUp
— Amit Serper (@0xAmit) November 28, 2017
Given how severe the issue was, Apple was quick to respond. Late this afternoon (UK time), Apple pushed out a patch that anyone using a Mac should install immediately. The fix is labeled ‘Security Update 2017-001’. Here is how Apple described the bug on its support page: “A logic error existed in the validation of credentials. This was addressed with improved credential validation.”
Interestingly enough, this bug was first brought up on the Apple Developer Forum earlier this week, but until today, it flew under the radar entirely. After the issue went viral on social media, Apple was quick to respond, but it seems that the company would do well to pay more attention to its own forums.
KitGuru Says: Since merging the iOS and macOS teams, Apple has faced a number of challenges when it comes to software. There have been a number of buggy updates for both operating systems, which seem to appear more frequently than they did in the past. Something like this shouldn’t have slipped through, but at least the company was relatively quick in its response.