+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Apple has fixed the bug that let anyone log into a Mac with the username 'root'

Nov 29, 2017, 22:09 IST

Advertisement
Getty

  • Apple released a fix for an embarrassing Mac bug on Wednesday.
  • The bug would let anyone log into an up-to-date Mac with the username "root" and a blank password.
  • Mac users should update immediately through the Mac App Store. 

Apple released a software update on Wednesday fixing a nasty bug in up-to-date versions of MacOS which could give an attacker complete access to an entire system's settings and data. 

The bug was blindingly simple: All someone had to do was put their username as "root" and leave the password blank on the right login screen on a Mac laptop or desktop running High Sierra, the most recent version of MacOS. 

People with Macs can update their operating system to fix the bug through the Mac App Store. 

"An attacker may be able to bypass administrator authentication without supplying the administrator's password," the Apple security page reads. 

Advertisement

"A logic error existed in the validation of credentials. This was addressed with improved credential validation," it continued, confirming that only computers with MacOS High Sierra, the most recent software, was affected. 

A very bad bug 

Justin Sullivan/Getty

One reason why Apple scrambled to fix the issue in about 24 hours is because the bug really does expose users to basically anything. 

In Unix-based systems, like MacOS, "root" is the most privileged user, who has the power to change anything on the operating system. 

"Once someone is logged into your Mac as root, they can do whatever they want, including accessing your files, installing spyware, you name it. So, in other words, if you were to leave your Mac unattended for 30 seconds, someone could backdoor it and have a very powerful way in later," Mac security expert Thomas Reed wrote at Malware Bytes

The ultimate cause of the bug became clearer on Wednesday as Patrick Wardle, Synack's director of research, published a long, technical look at the vulnerability

Advertisement

Essentially, Wardle found, is that the bug is a password setting issue for any disabled user, not just "root." 

NOW WATCH: This animation shows how terrifyingly powerful nuclear weapons have become

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article