Another MacOS Bug Reported After Apple’s High Sierra Problem
A glaring security problem recently discovered in the latest version of Apple’s MacOS operating system shows that anyone could gain administrative access to the Apple machine without even having to enter the password.
The problem has been found with the MacOS High Sierra.
On Macs running the operating system, all you have to do to gain administrative control is to enter as the user name “root” and give no password.
Apple confirmed late Tuesday they are working on a software update that would solve the problem.
Ever since the story broke, there has been an understandable excitement around it since the company is known for the robust security provisions it brings to their systems. Also, since the news, there have been other developments, including the discovery of another bug.
But let’s start with the statement that Apple made regarding the software update first:
"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012 . If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section."
Also, it’s been confirmed that the root login bug doesn’t affect machines that run Sierra and only affects machines that run High Sierra. A tweet regarding this was made by Alasdair Allan (@allan) — a scientist and a respected journalist covering technology. The tweet read thus:
Just confirmed that the Apple root login bug does NOT affect machines running Sierra (macOS 10.12), seems only to affect machines on High Sierra (macOS 10.13).
— Alasdair Allan (@aallan) November 28, 2017
Across the internet, the security flaw has been variously described as “embarrassing”(thenextweb.com), “seriously not good”(@allan), “critical vulnerability”(theverge.com) and “huge”(techcrunch.com).
All such comments clearly point to the fact that Apple is not exactly having the time of its life now.
If that was not bad enough, news of another flaw, related to the security bug, broke on the internet.
It was found that the root bug could be used to create a proxy user through the user interface. If you do that, the system fumbles and the new user that has been created becomes one which you could not login to. Also, none of the files in this new user’s home directory would be owned by you. Instead, those files would be owned by its user ID. But the catch is that this new user ID is not mapped to a use.
In simplistic terms, the computer doesn’t know what exactly do to with the new user ID.
A tweet related to this was made by Amit Serper (@0XAmit), a Massachusetts based security researcher on Nov. 28.
Another applebug: Use the root trick to create a user through the ui, the whole thing craps out and creates a user that you can't login with and all the files in the new user's home directory are not owned by the user but by its uid which isn't mapped to a user.
— Amit Serper 🇺🇦🌻 (@0xAmit) November 28, 2017
But the bug problems don’t seem to stop there for Apple.
Bugs have been detected in the newest iOS11 version for Apple’s phone and tablets. Earlier this month, Apple released the last version of the iOS11 named iOS 11.1.1. The reason for that launch was that the version before that had a problem — when users typed the letter "I" on their phones or tablets, it got autocorrected to "A[?]"
With the newest release (iOS 11.1.2), that problem has been fixed. However, it comes with another problem of its own: if you type in "it" or "is," it gets autocorrected to "I.T" or "I.S."
This is not as severe a problem as the root bug but given how rarely people use "I.T" or "I.S" in their messages, a lot of users are said to be bugged by this. Pun intended.
© Copyright IBTimes 2024. All rights reserved.
- MOST POPULAR IN Technology
