Apple released a security update for macOS High Sierra after a major flaw

Apple released macOS High Sierra Security Update 2017-001 to fix a major security flaw.

MacOS Security Update

Apple’s macOS High Sierra is under highlight from past 2 days after a Turkish developer Lemi Ergin introduced a new loophole in Apple’s MacOS High Sierra, the most recent version. He proved how a person can gain the root access to the machine without coming in the knowledge of the owner.

Mr. Ergin said if you want to gain the root access to your macOS High Sierra then you just need to spend a few minutes and you can gain the master access to the device. He explained while logging in one need to put “root” in place of username and then needs to click the enter button a few times by leaving the password space blank. With this root access could damage, delete or overwrite the data or files present in the machine and can also command the other accounts of the same machine.

The company quickly rushed for the update and today i.e. on 29th November 2017 at around 10:00 PM IST the company launched an update to fic out these bugs and errors with their macOS.

Thr Turkish scientist was accused of violating the policies of Apple by not telling the company about the flaw in their product and to make it public before giving an appropriate time to fix out the bug. The company also gave a few words on that by saying “We are working on a software update to address this issue,”.

Developer Mr. Ergin didn’t respond to the claims when asked him on Twitter, and not even a single other statement came from his end.

A person with root access can go severe damage to the system; he can read and write files of other accounts on the same machine. He can also delete or overwrite some crucial data and can even install malware that may not get traced by standard security software.

The fix for this bug is needed as soon as possible before any criminal offense can originate using this glitch.

“Haste and security don’t make good bedfellows,” said Prof Alan Woodward from the University of Surrey.
“They will need to be careful the patch doesn’t introduce some other problem as they’ve not had time to test it properly.”

Apple says that a user account named “root” is a superuser who can read and write privileges to more areas of the system, including files in other macOS user accounts.

The company says that default disables a root access, but one after making it enables or to make your system secured you can do the following steps of changing your root password from black to a healthy and unbeatable combination of alphabets and numerics.

macOS High Sierra Security Update 2017-001

Now the company launched the update saying that is recommended to install as soon as possible for all the users. The App Store is showing the update notification with a description “Security Update 2017-001 is recommended for all users and improve the security of macOS.”.

By moving deep inside the update with the help of the link provided along with the update at App Store the company has mentioned that the update is for macOS High Sierra 10.13.1 and is not impacted with macOS Sierra 10.12.6 and earlier.

The company has also mentioned an impact note of this update i.e, “An attacker may be able to bypass administrator authentication without supplying the administrator’s password.” Along with a description “A logic error existed in the validation of credentials. This was addressed with improved credential validation.”

Before this update which have come up just a few minutes ago company gave some official guidelines to prevent any root entry to their macOS. And the prime of them are listed below in which the company directed the steps to change the password and also enable or disable the root access of macOS.

How to enable or disable the root user of macOS

  1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
  2. Click, then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click on the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility:
    • Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
    • Or choose Edit > Disable Root User.

How to change the root password of macOS

  1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
  2. Click, then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click in the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility, choose Edit > Change Root Password.
  8. Enter a root password when prompted.

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here