Apple Rolls out Emergency Patch for Major High Sierra Bug
This week has been a stressful one for Apple, who have just released an emergency patch to fix a major bug in new operating system High Sierra.
On Tuesday, Turkish developer Lemi Ergin discovered a flaw in the desktop macOS that makes it possible to gain entry to the system without a password, as well as providing access to administrator rights.
This means that anyone with physical access to a Mac can open the system by just typing the word “root” in the username field and leaving the password blank.
Wednesday saw Apple roll out an emergency update patching the security breach, accompanied by the following statement:
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
The reason this bug is so concerning is that those with root access can do much more than a regular user, including reading and writing the files of other accounts on the same machine, deleting vital system files, and even installing pervasive malware.
Apple is urging customers to “install this update as soon as possible”. This breach marks the second occasion the firm has forcibly updated users’ machines in response to widespread fear that millions of Macs were at risk.
Want to know more about securing your Mac? Check out our 5 easy tips.