Security flaw in latest Apple MacOS allows admin access without password
The glitch, discovered by Turkish software engineer Lemi Orhan Ergin two weeks ago, does not appear to affect previous versions of the operating system.Updated: Nov 29, 2017 22:48 IST
Apple Inc was left scrambling after a huge security flaw was discovered in the latest version of the company’s operating system named High Sierra, in which anyone could access a locked computer by typing in the username “root” without any password.
The glitch, discovered by Turkish software engineer Lemi Orhan Ergin two weeks ago, does not appear to affect previous versions of the operating system.
In a statement released on Wednesday, Apple said: “We are working on a software update to address this issue.”
According to CNBC, the bug has been shown to work within the software’s user preferences screen, among other locations. Once triggered, the same combination will also bypass the lock screen of computers running High Sierra.
Security analysts warned that the security hole was both embarrassing for the company and dangerous, The Guardian reported. It allows anyone with physical access – and in some instances remote access – to a Mac computer to gain full access to user data.
Computing expert Edward Snowden described the operating system as “really bad”, adding: “Imagine a locked door, but if you just keep trying the handle, it says ‘oh well’ and lets you in without a key.”
Experts also warned against testing the glitch.
“By testing this vulnerability on your own computer, you’ll end up creating (or modifying) a persistent root user account on your system. The danger here is that, by creating such an account, it will affect remotely accessible services such as Remote Desktop,” security engineer Keith Hoodlet was quoted as saying by CSO.
First Published: Nov 29, 2017 22:41 IST