Apple Mac operating system has login flaw that puts data at risk
San Francisco: Apple Inc. customers have discovered a significant security flaw in the latest version of the operating system for Mac computers that allows anyone to log in without a password, potentially making private user data vulnerable.
The issue, discovered in the MacOS High Sierra operating system for laptops and desktops that was released in September, allows people to enter the word “root” when prompted for a username, and provide no password when logging on to the device. The glitch allows anyone to access the file system for a Mac, exposing private documents on that particular computer. One user reported the ability to also access the computer using the root login remotely.
The glitch is a rare and potentially embarrassing failure for Apple, whose software is generally known for being less prone to hacking and malware infections than Windows software from Microsoft Corp. The previous version of the operating system didn’t appear to be affected by the bug.
“A password prompt that authenticates as root with an empty password would be a black eye for any OS. Never mind one from a security and privacy-conscious company such as Apple,” Steve Troughton-Smith, a Mac software developer, wrote on Twitter.
Apple didn’t immediately have a comment on the disclosure.
Tests of the flaw indicate that it could be used to alter a user’s system settings that normally require a chosen username and password. Some settings include changing key security preferences—like enabling or disabling a computer’s firewall or storage drive encryption.
The flaw was publicized on Tuesday on Twitter by Lemi Orhan Ergin, a software engineer based in Turkey. Edward Snowden, a key voice in the information security community after being the center of many years of National Security Agency leaks, commented on the disclosure. “Imagine a locked door, but if you just keep trying the handle, it says ‘oh well’ and lets you in without a key,” he wrote on Twitter.
Until Apple releases a new version of the software or patches the flaw, users can fix the issue by assigning their own password to the root account. This can be done by navigating to System Preferences, clicking Login Options on the left side of the menu, clicking the Join button next to Network Account Server, clicking Open Directory Utility, then clicking Edit in the Mac’s menu bar to assign a password. Bloomberg
- Boxer Mary Kom to endorse Nestlé’s dairy whitener brand Everyday
- Akshay Kumar announces ‘Kesari’ release date, Parineeti Chopra shares first look
- Is Bollywood losing its sheen in China?
- ‘2.0’ sustains until ‘Zero’ as competition from new releases stiffens
- Apple to roll out new Snoopy, Peanuts cartoon series
Editor's Picks »
- Oil drops as oversupply, economic growth worries weigh
- Donald Trump slams Fed on eve of rate meeting amid ‘very strong’ dollar
- Govt to amend laws to allow banks, telecom firms to use Aadhaar
- Sebi makes investing in MFs less pricey; puts cap on total expenses
- Govt tussle with RBI could undermine long-term financial stability, says S&P