Yesterday we heard about a security flaw in Apple’s macOS High Sierra that would give anyone root access to your Mac without a password. This vulnerability was particularly alarming because it allowed unauthorized users to gain full administrative control over the system, potentially leading to severe security breaches. Apple has now released a software update that fixes the issue on their macOS.
The update will patch the issue that allowed anyone to override your Mac using the username ‘Root’ with no password. This was a serious security flaw and Apple acted very quickly to fix it. You can see some of the release notes for the software update below.
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872Entry updated November 29, 2017
Understanding the Security Flaw
The security flaw in macOS High Sierra was discovered by a developer who noticed that entering ‘root’ as the username with no password in the login screen or system preferences would grant full access to the system. This essentially meant that anyone with physical access to a Mac running High Sierra could bypass all security measures and gain administrative privileges. This kind of vulnerability is particularly dangerous in environments where multiple users have access to the same machine, such as in offices or public spaces.
The flaw was due to a logic error in the validation of credentials. When the system attempted to validate the ‘root’ user, it failed to properly check for a password, thereby allowing access without one. This oversight in the credential validation process was a significant lapse in security, prompting Apple to respond swiftly.
Apple’s Swift Response
Apple’s response to this security issue was notably quick. Within 24 hours of the flaw being publicly disclosed, Apple released a security update to address the problem. The update, which is now available for download from the Mac App Store, includes improved credential validation to ensure that such a bypass cannot occur again.
The release notes for the update highlight the specific nature of the fix, indicating that the logic error in credential validation has been corrected. This rapid response underscores Apple’s commitment to security and their ability to quickly address critical vulnerabilities.
The Security update for macOS High Sierra is now available to download from the Mac App store, it is recommended that you install the update as soon as possible. Ensuring that your system is up-to-date with the latest security patches is crucial for protecting your data and maintaining the integrity of your device.
In addition to installing the update, users are advised to regularly check for software updates and to enable automatic updates if possible. This practice helps ensure that your system is always protected against the latest threats and vulnerabilities.
Source Apple
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.