High Sierra, Apple’s latest Mac operating system, was recently found to have a flaw that allows entry to the machine without a password and grants administrator rights. Apple stated that it is now working on an update to address the issue.
Lemi Ergin, a Turkish developer, discovered the bug by typing ‘root’ as the username, leaving the password field blank, and pressing Enter a few times. He was then given unrestricted access to the target computer. Ergin is now facing criticism for allegedly not following the disclosure guidelines that security professionals normally observe.
The guidelines state that security experts should advise companies of any flaws in their products, giving them a reasonable amount of time to repair the flaw before it goes public. Ergin was nowhere to be found and did not respond to those claims on his Twitter account.
Apple did not confirm or deny whether it knew about the glitch beforehand.
Security experts described the bug as embarrassing and a howler. Anyone with root access can do much more than a regular user, such as reading and writing the files of other accounts on the same machine. The superuser can also delete critical system files, making the computer unusable, or install malware that the usual security software would find hard to trace or detect.
Luckily, the bug cannot be exploited remotely. An intruder needs physical access to the computer before exploiting it. Anyone who had remote access by other means would have to use the flaw to gain control of the machine they had access to.
Apple is now working on a fix before intruders can exploit the vulnerability. The tech giant offered a temporary workaround for its users. The company explained that, to prevent unauthorized access to their Mac, users should set a root password. To enable the Root User and create a password, please follow the instructions here.
Once the Root User is enabled, follow the instructions under the ‘How to Change the Root Password?’ section to ensure that you did not set a blank password.
For those who are unsure about changing their system settings, security experts advise not letting the Mac out of their sight and applying the system update when prompted to do so.