Apple Issues Quick Fix For Gaping Security Hole in macOS High Sierra
Apple today issued a new update for macOS High Sierra, a day after being informed of a perplexingly enormous security flaw that could allow virtually anyone to easily gain admin privileges over a computer.
The problem – which affects macOS High Sierra 10.13.1 – allows anyone with physical access to enter the word “root” into the Users & Groups area of System Preferences and gain administrator access.
It’s literally that simple.
The problem was widely reported on Tuesday.
Apple offered the following discussion in today’s notice of the security update:
“Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password.
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.”
macOS Sierra 10.12.6 and earlier versions are not impacted.
Apple has been apologetic and said it was trying to figure out how such a mistake occurred.
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS,” a spokesperson for Apple said in a statement to CNN. “When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole.”
“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused,” the statement continued. “Our customers deserve better.
“We are auditing our development processes to help prevent this from happening again.”