Apple scrambles to fix a major security issue on their High Sierra OS

Yesterday, a major flaw in the latest version of Apple’s macOS (High Sierra) became public knowledge. The flaw allows anyone to access notebooks without a password and attain administrator privileges.

The flaw became known to the public after a Turkish developer called Lemi Ergin tweeted at Apple about the issue, which had been discovered at his workplace the previous week.

Accusations of irresponsibility have been flying at Ergin across the internet over how he disclosed this issue to Apple, though in a personal blog post this morning he stated that the flaw had already been reported online in several locations, including Apple’s Developer Forum on November 13th. His tweet was meant to ensure that Apple was aware of the issue, though sadly it became highly publicised, making hackers and end users alike aware of the problem.

Regardless of pre-existing knowledge of this issue online, Ergin should have contacted Apple privately before making the exploit public on Twitter. His actions have released potentially dangerous information to the public, though his mistake can be attributed to his lack of knowledge when it comes to computer security and proper procedures. 

A week ago the infrastructure staff at the company I work for stumbled on the issue while trying to help one of my colleagues get back into their local admin account. They noticed the issue and used the flaw to get the user’s account back. On Nov 23, they informed Apple about it. They also searched the internet and saw the issue mentioned in a few places already, even in the Apple Developer Forum on Nov 13. It seems the issue has already been revealed, but probably Apple has not noticed yet.
Yesterday they informed me about the problem in order to set the root password on my machine. I saw the security issue with my own eyes; that was unbelievable!
Then I decided to inform Apple via Twitter. The issue was very serious. It had already been mentioned in forums and revealed in public a few weeks ago. I thought I had to ask Apple “are you aware of it?”.

  
Users of macOS devices can secure their systems by setting a password for their device’s “root” account. Right now, this is the only known fix for the issue until Apple officially patches the OS. Instructions on how to do this are available here.

This exploit is hugely embarrassing for Apple, who have long heralded their devices as being safer and more secure than Windows. The company has stated that they are currently working to fix this problem. 

You can join the discussion on Apple’s major password bug on the OC3D Forums.