What? There’s A Bug In The Mac Operating System?
In the most recent version, Mac OS High Sierra, a serious error or flaw has been detected. The problem is that unauthorized access to the machine is possible without a password. And it doesn’t limit here as it also offers the permission to the critical administrator rights.
Apple has made an official statement that they are working on this issue and they will soon come up with updated software that will manage this issue.
The person who exposed this issue was Lemi Ergin, a Turkish developer.
He discovered that by typing the username “root” and leaving the password blank, just press the “enter” button few times and you will be successfully granted access to the machine.
But for this discovery, Mr. Ergin had to face criticism as he had not followed the disclosure guidelines that are usually followed by the security professionals.
According to the guidelines, the security expert should notify the company about the flaw and should wait for some reasonable time for fixing the error before going public about it.
Apple has not yet confirmed or denied about knowing this issue beforehand.
The security experts are describing this bug simple and are commenting it as “embarrassing” and “howler”.
The one who has the root access has more permissions and powers when compared with the normal user. It is found that this bug can’t be exploited remotely; hence, the attacker needs the physical access to the computer. But that doesn’t turn out the possibility that from other means, the remote access cannot be obtained which increases the chances of giving complete control of the machine.
The problem needs to be sorted quickly as it can be exploited by the criminals. As suggested by Prof Alan Woodward “Haste and security don’t make good bedfellows”.
While Apple is still trying to fix the bug, meanwhile, it has provided the concerned users with a workaround. The company has requested to set the root password in order to prevent the unauthorized access.
There are certain instructions provided by the organization which when followed can avoid problems.
And for the users who are not technically literate, the security experts suggest that do not let their Mac out of sight and update the system when it prompts.