{"id":378557,"date":"2017-11-29T06:15:32","date_gmt":"2017-11-29T06:15:32","guid":{"rendered":"http:\/\/citifmonline.com\/?p=378557"},"modified":"2017-11-29T05:23:06","modified_gmt":"2017-11-29T05:23:06","slug":"apple-rushes-fix-password-bug","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/2017\/11\/apple-rushes-fix-password-bug\/","title":{"rendered":"Apple rushes to fix password bug"},"content":{"rendered":"
Apple has said it is working to fix a serious bug within its Mac operating system.<\/p>\n
The flaw in MacOS High Sierra – the most recent version – makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights.<\/p>\n
\u201cWe are working on a software update to address this issue,\u201d Apple said in a statement.<\/p>\n
The bug was discovered by Turkish developer Lemi Ergin.<\/p>\n
He found that by entering the username “root”, leaving the password field blank, and hitting “enter” a few times, he would be granted unrestricted access to the target machine.<\/p>\n
Mr Ergin faced criticism for apparently not following responsible disclosure guidelines typically observed by security professionals.<\/p>\n
Those guidelines instruct security experts to notify companies of flaws in their products, giving them a reasonable amount of time to fix the flaw before going public.<\/p>\n
Mr Ergin did not respond to those claims when asked on Twitter, and the BBC was unable to reach him on Tuesday.<\/p>\n
Apple would not confirm or deny whether it knew about the flaw beforehand.<\/p>\n
The exploit<\/strong><\/p>\n Considering the power it gives, the bug is remarkably simple, described by security experts as a “howler” and “embarrassing”.<\/p>\n Those with root access can do more than a normal user, such as read and write the files of other accounts on the same machine. A superuser could also delete crucial system files, rendering the computer useless – or install malware that typical security software would find hard to detect.<\/p>\n Thankfully, the bug cannot be exploited remotely, meaning an attacker would have to have physical access to a computer. That said, someone who gained remote access through other means would be able to use the flaw to control the machine they had access to.<\/p>\n The timing of the disclosure presents a major issue to Apple as it now must hurriedly put in place a fix before the vulnerability can be exploited by criminals.<\/p>\n “Haste and security don\u2019t make good bedfellows,\u201d said Prof Alan Woodward from the University of Surrey.<\/p>\n “They will need to be careful the patch doesn\u2019t introduce some other problem as they\u2019ve not had time to properly test it.”<\/p>\n Temporary workaround<\/strong><\/p>\n While Apple works on its fix, it offered a workaround for users concerned about the bug.<\/p>\n \u201cSetting a root password prevents unauthorized access to your Mac,\u201d the company explained.<\/p>\n “To enable the Root User and set a password, please follow the instructions here:\u00a0https:\/\/support.apple.com\/en-us\/HT204012.<\/p>\n “If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the \u2018Change the root password\u2019 section.\u201d<\/p>\n Fuller instructions on how to set the root password were\u00a0written up by MacRumors.<\/p>\n For those not confident enough to change system settings like this, security experts advise simply – don’t let your Mac out of your sight, and be sure to apply the system update when prompted.<\/p>\n 
–<\/p>\n Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":" Apple has said it is working to fix a serious bug within its Mac operating system. The flaw in MacOS High Sierra – the most recent version – makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights. \u201cWe are working on a software update […]<\/p>\n","protected":false},"author":14,"featured_media":378559,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[106],"tags":[224,3,15034],"yoast_head":"\n