Apple has fixed the bug that let anyone log into a Mac with the username 'root'

  • Apple released a fix for an embarrassing Mac bug on Wednesday.
  • The bug would let anyone log into an up-to-date Mac with the username "root" and a blank password.
  • Mac users should update immediately through the Mac App Store. 

Apple released a software update on Wednesday fixing a nasty bug in up-to-date versions of MacOS which could give an attacker complete access to an entire system's settings and data. 

The bug was blindingly simple: All someone had to do was put their username as "root" and leave the password blank on the right login screen on a Mac laptop or desktop running High Sierra, the most recent version of MacOS. 

People with Macs can update their operating system to fix the bug through the Mac App Store. 

"An attacker may be able to bypass administrator authentication without supplying the administrator's password," the Apple security page reads. 

"A logic error existed in the validation of credentials. This was addressed with improved credential validation," it continued, confirming that only computers with MacOS High Sierra, the most recent software, were affected.

A very bad bug 

One reason Apple scrambled to fix the issue in about 24 hours is that the bug really does expose users to basically anything.

In Unix-based systems, like MacOS, "root" is the most privileged user, who has the power to change anything on the operating system. 

"Once someone is logged into your Mac as root, they can do whatever they want, including accessing your files, installing spyware, you name it. So, in other words, if you were to leave your Mac unattended for 30 seconds, someone could backdoor it and have a very powerful way in later," Mac security expert Thomas Reed wrote at Malwarebytes.

The ultimate cause of the bug became clearer on Wednesday as Patrick Wardle, Synack's director of research, published a long, technical look at the vulnerability.

Essentially, Wardle found that the bug is a password-setting issue for any disabled user, not just "root."