THE ‘DEVASTATING’ root login bug affecting Apple’s macOS High Sierra operating system has risen from the dead.
After Apple last week rushed to squash the nasty bug that gave hackers with physical access to a target machine the chance to get full administrator access to a MacBook, Mac or iMac without needing a password, all seemed well in the world of slickly designed and hideously expensive computing.
But life just ain’t always that easy. It turns out that if someone is still on the initial release version of macOS High Sierra, version 10.13, installs the security patch and then updates to 10.13.1, then, as noted by Wired, the security flaw returns.
The patch can be reinstalled to basically play whack-a-mole with the bug and beat it back down again, but this requires a system restart before it’s correctly applied.
This means there’s potential for anyone in a shared office or flat to update to the latest version of High Sierra, install the patch, then wander away to make a cup of tea. Enter some sneaky person with an agenda to nick some files or just troll the user, and they can exploit the root bug by simply typing ‘root’ into the username box of High Sierra’s password protection and hitting return a few times.
Now that scenario is probably a bit of a stretch, but it still shows a lack of oversight by Tim Cook’s Cupertino crew and hints that Apple may have rushed this patch a little too much.
The company seems a little blasé about the whole thing in its support notes: “If you recently updated from macOS High Sierra 10.13 to 10.13.1, reboot your Mac to make sure the Security Update is applied properly.” #shrug #dealwithit
Surely Apple should know that their security updates will work properly.
But for the time being, Mac users should make sure they restart their machines once the security patch is installed and check all is secure, and perhaps pen a letter to Cupertino noting that no, it doesn’t “just work”. µ
Source: Inquirer