ibusinesslines.com
ibusinesslines.com December 18, 2017


Apple rolls out fix for MacBook's security flaw

04 December 2017, 12:57 | Jodi Jackson

PSA: Upgrading to macOS 10.13.1 will undo Apple's patch for critical root vulnerability

Updating macOS can bring back the nasty “root” security bug

Apple released an update to its latest operating system for Mac computers and said it's changing development practices after a significant security flaw was disclosed Tuesday that allowed people to log in without a password, potentially making private user data vulnerable.

Apple's quick patch for the recently discovered "root" user bug can be undone by upgrading to macOS 10.13.1. Ergin said staff members reported the vulnerability to Apple on November 23, and he disclosed the flaw publicly in a tweet on Tuesday. "I can't think of anything worse that has been shipped by a major operating system in the past decade".

One small bright spot may be that the vulnerability requires local access and appears hard, though not impossible, to exploit remotely. This, in particular, provides access to the login screen in Mac blocked. "If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the "Change the root password" section".

"It's really serious, because everyone said 'hey, Apple made a very fast update to this problem, hooray, '" Innogy software engineer Volker Chartier in a statement to Wired.


In a Medium post today, Ergin today said his Twitter disclosure about the Mac bug was met with "many reactions like a blast". However, the bug is not fixed in that case until the user reboots the computer.

Developers can download the macOS Developer Beta Access Utility from the link below... It was discovered that it was possible to log into the "root" account without entering a password, and - although the company seemed to have been alerted to the issue a couple of weeks back - praise was heaped on Apple for pushing a fix out of the door quickly. "This is really REALLY bad".

Several experts have lambasted Apple for allowing the vulnerability in the first place.

Even if a Mac user reinstalls the security update after updating to macOS High Sierra 10.13.1 - and actually, Apple will automatically install it no matter what - users could still be at risk, according to Thomas Reed, a security researcher at MalwareBytes focused on Apple products. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter.



Other News

Trending Now

UGA's Natrez Patrick arrested for DUI, marijuana-related charges
Patrick started and helped Georgia win Saturday's SEC championship game against Auburn in Atlanta. Georgia linebacker Natrez Patrick was reportedly arrested in the hours after the SEC title game.

Lane Kiffin wants 'Bama after FAU's 10th straight win
The program had made two bowls in its brief history (as an FBS team since 2004, and only as a football program at all since 2001). If FAU wins the conference title, Kiffin may start getting more interest from big-name programs with head coaching vacancies.

'Potential for war with N Korea rising every day'
After the missile was tested, Trump tweeted Wednesday that "additional major sanctions will be imposed on North Korea". Still, he said, Pyongyang's actions had made America's alliances with Japan and South Korea "stronger than ever".

US Ends Participation in the Global Compact on Migration
The withdrawal comes days before a global conference on migration that starts Monday in Puerto Vallarta, Mexico. These commitments are known as the New York Declaration for Refugees and Migrants .

Ending the weekend with warm and cloudy conditions
Temperatures fight a battle to rise as colder air funnels in behind the front, with readings fairly steady in the 40s to near 50. A shower or two could linger into early Wednesday morning, with partly to mostly cloudy skies hanging around into the afternoon.

Rickie Fowler conquers Bahamas to win Hero World Challenge
Jordan Spieth (72) and England's Justin Rose (71) were tied for second at nine-under 207, one stroke ahead of Italy's Francesco Molinari (71).

Russian Federation accuses United States of 'bloodthirsty tirade' over threat to destroy North Korea
On November 29, North Korea conducted a missile launch, the first since September 15. "We know they were building to this".