Wednesday, December 13, 2017

Apple rushes to fix major password bug


Apple has said it is working to fix a serious bug within its Mac operating system.

The flaw in MacOS High Sierra - the most recent version - makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights.

“We are working on a software update to address this issue,” Apple said in a statement.

The bug was discovered by Turkish developer Lemi Ergin.

He found that by entering the username "root", leaving the password field blank, and hitting "enter" a few times, he would be granted unrestricted access to the target machine.

Mr Ergin faced criticism for apparently not following responsible disclosure guidelines typically observed by security professionals.

Those guidelines instruct security experts to notify companies of flaws in their products, giving them a reasonable amount of time to fix the flaw before going public.

Mr Ergin did not respond to those claims when asked on Twitter, and the BBC was unable to reach him on Tuesday.

Apple would not confirm or deny whether it knew about the flaw beforehand.

The exploit

Considering the power it gives, the bug is remarkably simple, described by security experts as a "howler" and "embarrassing".

Those with root access can do more than a normal user, such as read and write the files of other accounts on the same machine. A superuser could also delete crucial system files, rendering the computer useless - or install malware that typical security software would find hard to detect.

Thankfully, the bug cannot be exploited remotely, meaning an attacker would have to have physical access to a computer. That said, someone who gained remote access through other means would be able to use the flaw to control the machine they had access to.

The timing of the disclosure presents a major issue to Apple as it now must hurriedly put in place a fix before the vulnerability can be exploited by criminals.

“Haste and security don’t make good bedfellows,” said Prof Alan Woodward from the University of Surrey.

"They will need to be careful the patch doesn’t introduce some other problem as they’ve not had time to properly test it."

Temporary workaround

While Apple works on its fix, it offered a workaround for users concerned about the bug.

“Setting a root password prevents unauthorized access to your Mac,” the company explained.

"To enable the Root User and set a password, please follow the instructions here:

"If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Fuller instructions on how to set the root password were written up by MacRumors.

For those not confident enough to change system settings like this, security experts advise simply - don't let your Mac out of your sight, and be sure to apply the system update when prompted.



Source: BBC
