WifiScreen FREE Windows Application to allow using iPad/Tablet as the second monitor.
Dailymall / Tech - Game

Apple bungle reintroduces 'root' access Mac glitch to High Sierra OS

Volker Chartier, a software engineer at German energy firm Innogy, first raised the alarm, with multiple Mac users since confirming the issue, which affects updates of High Sierra 10.13.0.
ADS

An emergency fix issued by Apple for what has been called a 'huge' and 'unbelievable' security flaw has been found to have a bug of its own.

Mac users were advised by the firm to install the patch, after it was found anyone could access their device without needing a password using a 'root' account.

Customers who downloaded the fix and then upgraded to the latest version of the Mac OS, High Sierra, found that this reintroduced the glitch. 

Scroll down for video 

An emergency fix issued by Apple for what has been called a 'huge' and 'unbelievable' security flaw has been found to have a bug of its own. Customers who downloaded the fix and then upgraded to Mac OS High Sierra 10.13.1 found that this reintroduced the glitch

APPLE APOLOGY

Turkish software developer Lemi Orhan Ergin tweeted the tech giant to say he had discovered the bug last week.

The flaw means anyone can log in to a computer running MacOS High Sierra without a password via system preferences, using the root user account.

Apple released its fix within a day, writing that its 'customers deserve better'. 

In a release note attached to the update, an Apple spokesman said: 'Install this update as soon as possible. 

'Apple has worked hard to fix yesterday’s flaw as soon as possible. 

'But it shouldn’t have happened in the first place.'

Volker Chartier, a software engineer at German energy firm Innogy, first raised the alarm, with multiple Mac users since confirming the issue.

Anyone who installed the patch on High Sierra 10.13.0, then upgraded to 10.13.1, is affected.

Reinstalling the security release has been found to fix the issue, but users must reboot their machines - a warning not included with the patch.

Speaking to Wired, Mr Chartier said: 'It's really serious, because everyone said "hey, Apple made a very fast update to this problem, hooray".

'But as soon as you update [to 10.13.1], it comes back again and no one knows it.'

Apple has today added an additional warning about the new bug to its security page for the initial 'root' flaw.

In it, a company spokesman said: 'If you recently updated from macOS High Sierra 10.13 to 10.13.1, reboot your Mac to make sure the Security Update is applied properly.' 

Turkish software developer Lemi Orhan Ergin tweeted the tech giant to say he had discovered the bug last week. 

Anyone who installed the patch on High Sierra 10.13.0, then upgraded, is affected. Reinstalling the security release has been found to fix the issue, but users must reboot their machines - a warning not included with the patch

HOW TO FIX IT 

In order to install the latest update, open the Mac App Store and click on the 'Updates' tab.

Anyone who installs the patch on High Sierra 10.13.0, then upgrades to 10.13.1, will need to reboot their machine.

Alternatively, MacOs customers can use a temporary workaround by changing the root user password manually.

The flaw means anyone can log in to a computer running MacOS High Sierra without a password via system preferences, using the root user account. 

Videos posted online showed people in the users and groups box typing the username 'root' at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.

One Twitter user called Mike Hanley said: 'This is not the password-less future we all had in mind.'

Apple released its fix within a day, writing that its 'customers deserve better'. 

In a release note attached to the update, an Apple spokesman said: 'Install this update as soon as possible. 

'Apple has worked hard to fix yesterday’s flaw as soon as possible. 

Videos posted online last week showed people in the users and groups box typing the username 'root' at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine

'But it shouldn’t have happened in the first place.'

In order to install the latest update, open the Mac App Store and click on the 'Updates' tab.

Anyone who installs the patch on High Sierra 10.13.0, then upgrades to 10.13.1, will need to reboot their machine.

To change the root user password manually, click on the Apple menu icon, then System Preferences and click Users & Groups (or Accounts).

Click the lock icon, then enter an administrator name and password.

Click Login Options, then click Join, or Edit.

Click on the Open Directory Utility, then click on the lock icon in the Directory Utility window, then enter an administrator name and password.

From the menu bar in Directory Utility, choose Edit, then Change Root Password.

Enter a root password when prompted.

Original Source

ADS

LATER