Every piece of software has security flaws, some major and some minor. What most software doesn’t have is a flaw so glaring that it amounts to a disastrous oversight, one that leads to terrible experiences for users and shameful PR for the company.
The ‘bug’ in Apple’s macOS High Sierra is of that disastrous kind. Security researchers yesterday disclosed a bug in High Sierra that allows anyone to hack into it and gain ‘root’ privileges. But that’s not even the worst part: it’s the ridiculously easy method that makes this ‘bug’ a massive oversight from Apple, a company that, by the way, is known to take security more seriously than anyone else in consumer electronics.
Apparently, anyone who gets a prompt to log in to a Mac running High Sierra with multiple user accounts can simply enter ‘root’ as the username, leave the password field blank and hit the unlock button twice. That’s it, they’re in. And not just ‘in’ in: they have ‘root’ privileges on the system, making this a train wreck the size of Apple’s brand new spaceship campus. Except in this case, it’s Apple’s lack of attention to detail that made the news.
Security researchers have claimed that the bug would’ve been found earlier if Apple had a bug-bounty program for macOS (the company only has one for iOS as of now).
Apple, for its part, has confirmed the issue, and has promised a fix — “We are working on a software update to address this issue”, a company spokesperson said.
Meanwhile, users can add a root password to their Macs to protect themselves from this scary, facepalm-worthy bug that has managed to creep into macOS. Apple has official instructions for doing just that on its support website.