Apple rolls out fix for MacBook's security flaw

Share

But he found that, until he rebooted, he could even then type "root" without a password to entirely bypass High Sierra's security protections.

It is only second time Apple has forcibly updated users' machines and comes in response to widespread concern that millions of Mac computers were at risk, the report said.

Chethan Kamath’s post on November 13 about the “root” bug on Apple’s developer forum
Chethan Kamath’s post on November 13 about the “root” bug on Apple’s developer forum

This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. "Are you aware of it @Apple?" the user tweeted. "I can't think of anything worse that has been shipped by a major operating system in the past decade".

The solution is a simple one - but one that has not been made sufficient clear by Apple. That would permit unfettered access to the file system for a Mac, exposing private documents on that particular computer. "If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the "Change the root password" section".

Thousands condemn Trump admin's plan to shrink Utah national monuments
Attorney general for the Navajo Nation, Ethel Branch, said Trump should visit the monuments before making a decision on them. Trump had asked Zinke to reassess the status of more than two dozen monuments established since 1996.

The serious vulnerability has been identified as CVE-2017-13872, which has been fixed by Apple through Security Update 2017-001 for macOS 10.13.1 on Wednesday. A new report from Wired has revealed that users who were still on macOS High Sierra 10.13 - and installed the rushed security patch for the root exploit - saw the effects of the patch completely undone by upgrading to macOS High Sierra 10.13.1. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter. The flaw allowed a user to gain admin access to the PC without the owner's password just by using "root" as the user name and clicking the unlock button two times to get in.

"Oh my god that should not work but it does", another user responded yesterday on the forum.

ACG Wealth Takes $468000 Position in Kinder Morgan, Inc. (NYSE:KMI)
Camden Asset Management LP decreased Convergys Corp (Prn) stake by 9.50 million shares to 2.77 million valued at $6.12M in 2017Q2. It worsened, as 49 investors sold FANG shares while 102 reduced holdings. 159 funds opened positions while 684 raised stakes.

Several experts have lambasted Apple for allowing the vulnerability in the first place.

In the case of a fix for this latest vulnerability, "I would imagine [Apple] will be pushing it out as a high priority", Cluley said.

We Are in Tough Group, Spain Coach Lopetegui Says
As Iran coach, my goal is to make it hard for both, as well as Morocco. They are going to demand the best of us", he added.

Apple seems to be doing badly in ensuring Macs are secure.

Share