Apple to review software development process after security alert


Apple said it is reviewing its software development processes after the discovery of a bug that allowed people easy access to root accounts.

The vulnerability allows users of macOS 10.13 to gain admin rights, or log in as root, simply by clicking a login box several times. Apple issued a fix within 24 hours, and both the US and German governments issued alerts advising Mac users to patch up.

Beyond the patch, Apple now plans to review how it develops its code.

“We greatly regret this error and we apologize to all Mac users,” Apple said in a statement. “Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

“Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS,” Apple said in its statement.

To exploit the vulnerability, users simply needed to bring up the authentication dialog box, which often appears when configuring privacy or network settings. Once the dialog box appears, type in 'root' as the username. Leave the password blank, press Enter, then click 'unlock' a couple of times and voila – access granted.

Fortunately, the workaround to the flaw appears simple – all users need to do is configure a root password and the flaw will no longer work.

