Apple Scrambles to Patch Major OS Vulnerability

Apple is rushing to patch a major operating system vulnerability that left Mac computers open to hacking. Here’s how readers can fix it now.

CNBC reports that a bug in Apple’s High Sierra operating system allowed users to gain access to the file systems admin account simply by entering the username “root” without any password. Software engineer Lemi Orhan Ergin tweeted, “Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?” Orhan then explained how the bug could be replicated,

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

Apple Support invited Ergin to discuss the matter further with them saying, “Let’s take a closer look at what’s happening together.”

Let's take a closer look at what's happening together. Send us a DM that includes your Mac model along with your macOS version. We'll meet up with you there. https://t.co/GDrqU22YpT

— Apple Support (@AppleSupport) November 28, 2017

Apple is in the process of releasing a patch that will be available via the App Store, according to a company statement:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

But for those running the OS that desire an immediate fix, MacWorld has provided the following steps:

1. Open the Finder.
2. Click on Go > Go to Folder.
3. Type: /System/Library/CoreServices/Applications/ in the text box.
4. Click Go.
5. Open Spotlight by pressing Command+Space.
6. Search for the Directory Utility app and open it.
7. Click on the lock icon so you can make changes.
8. Enter your name and password in the pop-up window.
9. Click Modify Configuration.
10. Click on Edit.
11. Select Change Root Password.
12. Enter your new password and verify it.
13. Click OK.
14. Now click the lock again to lock it so no more changes can be made.
15. Quit Directory Utility.