MacOS High Sierra Security "Root" Bug Gets Fixed

Apple fell far from the proverbial tree as they released a system update for MacOS High Sierra 10.13.1, which apparently had a severe security issue. This dangerous bug was discovered by security researcher Lemi Orhan Ergin on Tuesday (11.28.2017). However, instead of contacting Apple Support directly and without the curious and hungry eyes of the public, he tweeted on a public account that "we noticed a *HUGE* security issue" and also gave a short description, too, how you can trigger this bug. Unfortunately, this flawed system update allowed anyone to have super-user, i.e., "root" access to any computer running this latest High Sierra operating system. This obviously means that your Mac could be compromised as a hacker can easily access your system being System Administrator and steal all kinds of sensitive information. Fortunately, Apple acted promptly and came out with a security patch the next day but even that did not seem to be without flaws. Hopefully, all High Sierra users have been informed about this major bug and by now their system should be updated and running securely. For the details, please continue reading our article.

As we have mentioned, Apple came out with a security update for its MacOS High Sierra 10.13.1, which was found having a major flaw. Lemi Orhan Ergin, a security researcher, discovered that you can easily gain super-user privileges on systems with this new update. Basically, if you went to the System Preferences menu and clicked on the lock icon, you were prompted with a login pop-up window, where you had to enter "root" as User Name and leave the Password field empty. You may have had to press the Unlock button a few times until it was duly processed but once it was successful, you were granted root access to the computer. Originally, it seemed that this only concerns the Users & Groups option; however, there were also reports that this bug may be triggered from the Mac login screen, too. Nevertheless, not everyone seemed to have been able to replicate this.

The most vulnerable systems in such a situation are the ones that have screen sharing enabled or remote desktop access. This means that practically anyone could gain root access to your computer if this bug is alive on your system. This is as severe as it can be. As a matter of fact, the root account should be disabled by default; however, for whatever reason, High Sierra has the root account enabled, which means that anyone can access your system without a password. Right after this serious security bug was tweeted, Apple issued a statement saying, "We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac." And, they did not waste time either since a security patch was already available the next morning, on Wednesday.

However, this new patch seemed to present yet another issue though much less dangerous, still an annoying one. It seemed that this time file sharing did not work for some reason. When it was discovered, Apple had to come out with yet another solution to fix this newly emerged bug. Fortunately, it seems now that the waves of this security tsunami have smoothed out but it is still a question how such a huge security bug could see the light of day and get shipped. Apple said in a recent statement, "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again." This is quite reassuring and hopefully will not leave the otherwise satisfied Mac users with a bad taste in their mouth.

It is important to understand the risks of such a severe threat. Maybe this time no malicious exploitation of this bug took place thanks to the fast intervention and resolution from Apple. Hopefully, you understand why strong passwords and the proper configuration of your system is so vital for your virtual security. If hackers can gain super-user privileges on your computer, they can easily encrypt or damage your files, steal sensitive information from you, including your banking details, social media and other account data, spy on you, or install dangerous malware threats. If you want to protect your system against cyber attacks, it may be time for you to install a reliable anti-malware program.