Apple Patches Mac OS Security Bug

PHOTO: APPLE

Apple Patches Mac OS Security Bug

Apple has patched a macOS High Sierra flaw that would allow intruders to gain full administrator access on your system.

Apple has patched a macOS High Sierra flaw that would allow intruders to gain full administrator access on your system. Security Update 2017-001 should be installed by Mac users running High Sierra as soon as possible.

The company released Security Update 2017-001 Wednesday to fix a bug that would allow people to gain control over a Mac simply by putting “root” as the username and hitting the Return key a few times.

The bug was made public Tuesday on Twitter by Turkish software designer Lemi Orhan Ergin. Ergin has been criticized for not following responsible guidelines by notifying Apple of the security flaw with reasonable time to fix it before going public.

Luckily, the threat of an attack to your system’s security using this flaw is fairly low in practice. Anyone wanting to exploit the bug would have to have physical access to your Mac, and you could also avoid it by following instructions issued by Apple to set up a root password.

In a statement issued by Apple, the company apologized for the error and said that starting late Wednesday the patch would be “automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”

Some security experts remain critical of Apple’s security.

“Recent years have not been good for anyone relying on OS X for security,” Tripwire computer security researcher Craig Young said. “Apple needs to seriously re-evaluate how they perform quality assurance testing, as there is really no excuse for releasing macOS with some of these blatant security failings.”

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.