Apple Patches Mac OS Security Bug

PHOTO: APPLE

Apple Patches Mac OS Security Bug

Apple has patched a macOS High Sierra flaw that would allow intruders to gain full administrator access on your system.

Apple has patched a macOS High Sierra flaw that would allow intruders to gain full administrator access on your system. Security Update 2017-001 should be installed by Mac users running High Sierra as soon as possible.

The company released Security Update 2017-001 Wednesday to fix a bug that would allow people to gain control over a Mac simply by putting “root” as the username and hitting the Return key a few times.

The bug was made public Tuesday on Twitter by Turkish software designer Lemi Orhan Ergin. Ergin has been criticized for not following responsible guidelines by notifying Apple of the security flaw with reasonable time to fix it before going public.

Luckily, the threat of an attack to your system’s security using this flaw is fairly low in practice. Anyone wanting to exploit the bug would have to have physical access to your Mac, and you could also avoid it by following instructions issued by Apple to set up a root password.

In a statement issued by Apple, the company apologized for the error and said that starting late Wednesday the patch would be “automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”

Some security experts remain critical of Apple’s security.

“Recent years have not been good for anyone relying on OS X for security,” Tripwire computer security researcher Craig Young said. “Apple needs to seriously re-evaluate how they perform quality assurance testing, as there is really no excuse for releasing macOS with some of these blatant security failings.”

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.