- Apple released a fix for an embarrassing Mac bug on Wednesday.
- The bug would let anyone log into an up-to-date Mac with the username “root” and a blank password.
- Mac users should update immediately through the Mac App Store.
The bug was blindingly simple: All someone had to do was put their username as “root” and leave the password blank on the right login screen on a Mac laptop or desktop running High Sierra, the most recent version of MacOS.
People with Macs can update their operating system to fix the bug through the Mac App Store.
Security Update 2017-001 is now available for High Sierra, addressing the root login problem. https://t.co/I6B6V3waBX
— Ivan Krstić (@radian) November 29, 2017
“An attacker may be able to bypass administrator authentication without supplying the administrator’s password,” the Apple security page reads.
“A logic error existed in the validation of credentials. This was addressed with improved credential validation,” it continued, confirming that only computers with MacOS High Sierra, the most recent software, was affected.
A very bad bug
One reason why Apple scrambled to fix the issue in about 24 hours is because the bug really does expose users to basically anything.
In Unix-based systems, like MacOS, “root” is the most privileged user, who has the power to change anything on the operating system.
“Once someone is logged into your Mac as root, they can do whatever they want, including accessing your files, installing spyware, you name it. So, in other words, if you were to leave your Mac Read More Here