Apple's MacOS High Sierra security bug: Do this now
Apple pushed out a fix for a serious security bug in computers running its most recent operating system on Wednesday morning, less than a day after it was first widely reported.
The bug in the Apple operating system allowed anyone with physical access to a Mac running the latest version of Apple's operating system to easily infiltrate the computer and gain full access to everything on it.
It only affected Macs that run the latest version of Apple's operating system software, MacOS High Sierra.
Apple users need to install the latest update to their operating system to correct the problem. To do so:
- Open the App Store app on the Mac.
- Click Updates in the App Store toolbar
- Use the Update buttons to download and install any updates listed.
- Updates installed in the last 30 days appear below this list.
The bug requires the would-be hacker to actually type on the Mac in question's keyboard, so the easiest fix is to keep vulnerable machines under lock and key. There were also reports that in some cases if a user has allowed screen sharing on their computer it's possible to exploit the bug remotely.
The bug only affects Macs that run the latest version of Apple's operating system software, MacOS High Sierra.
The bug, made public on Twitter Tuesday by Turkish software developer Lemi Orhan Ergin, revealed that anyone can log into a Mac running that operating system, or adjust settings on the computer, by entering the login name "root" (without quotations) and clicking enter, no password needed.
The person would need physical access to the computer as the login can't be done remotely.
To check for the vulnerability
It appears that the bug only affects Apple machines running the High Sierra 10.13 or 10.13.1 operating systems. To see which operating system a computer is running, click the apple icon in the upper left hand corner of the screen and then click "About this Mac." That will give the version number of the operating system.
To see if a Mac is vulnerable to the bug, follow these steps:
- Open System Preferences
- Choose Users & Groups
- Click the lock to make changes
- Type "root" in the username field
- Put the cursor in the Password field and click there, but don't type anything
- Click unlock. If the system allows you in, you would be able to add a new administrator-level account with full privileges on the system—all without a password to the computer.
USA TODAY confirmed the vulnerability on a late 2013 MacBook Pro running MacOS 10.13.1 and a late 2015 iMac running the same software. The bug unlocked the safeguards that prevent changes in "System Preferences" on the machine as well as letting someone log into the Mac from the lock screen by simply going to the "other user" tab.
©2017 USA Today
Distributed by Tribune Content Agency, LLC.