Apple Scrambles to Patch Major OS Vulnerability

Apple CEO Tim Cook has announced plans to build an app design facility in the southern Indian city of Bangalore
Josh Edelson/AFP

Apple is rushing to patch a major operating system vulnerability that left Mac computers open to hacking. Here’s how readers can fix it now.

CNBC reports that a bug in Apple’s High Sierra operating system allowed users to gain access to the file systems admin account simply by entering the username “root” without any password. Software engineer Lemi Orhan Ergin tweeted, “Dear , we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it ?” Orhan then explained how the bug could be replicated,

Apple Support invited Ergin to discuss the matter further with them saying, “Let’s take a closer look at what’s happening together.”

Apple is in the process of releasing a patch that will be available via the App Store, according to a company statement:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

But for those running the OS that desire an immediate fix, MacWorld has provided the following steps:

  1. Open the Finder.
  2. Click on Go > Go to Folder.
  3. Type: /System/Library/CoreServices/Applications/ in the text box.
  4. Click Go.
  5. Open Spotlight by pressing Command+Space.
  6. Search for the Directory Utility app and open it.
  7. Click on the lock icon so you can make changes.
  8. Enter your name and password in the pop-up window.
  9. Click Modify Configuration.
  10. Click on Edit.
  11. Select Change Root Password.
  12. Enter your new password and verify it.
  13. Click OK.
  14. Now click the lock again to lock it so no more changes can be made.
  15. Quit Directory Utility.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan_ or email him at lnolan@breitbart.com.

.

Please let us know if you're having issues with commenting.