Security flaw in latest Apple MacOS allows admin access without password

The glitch, discovered by Turkish software engineer Lemi Orhan Ergin two weeks ago, does not appear to affect previous versions of the operating system.

By: HT CORRESPONDENT
| Updated on: Nov 29 2017, 22:48 IST
HT Tech
(Representative image)

Apple Inc was left scrambling after a huge security flaw was discovered in the latest version of the company's operating system named High Sierra, in which anyone could access a locked computer by typing in the username "root" without any password.

The glitch, discovered by Turkish software engineer Lemi Orhan Ergin two weeks ago, does not appear to affect previous versions of the operating system.

You may be interested in

MobilesTablets Laptops
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

In a statement released on Wednesday, Apple said: "We are working on a software update to address this issue."

Also read
Looking for a smartphone? To check mobile finder click here.

According to CNBC, the bug has been shown to work within the software's user preferences screen, among other locations. Once triggered, the same combination will also bypass the lock screen of computers running High Sierra.

Security analysts warned that the security hole was both embarrassing for the company and dangerous, The Guardian reported. It allows anyone with physical access - and in some instances remote access - to a Mac computer to gain full access to user data.

Computing expert Edward Snowden described the operating system as "really bad", adding: "Imagine a locked door, but if you just keep trying the handle, it says 'oh well' and lets you in without a key."

Experts also warned against testing the glitch.

"By testing this vulnerability on your own computer, you'll end up creating (or modifying) a persistent root user account on your system. The danger here is that, by creating such an account, it will affect remotely accessible services such as Remote Desktop," security engineer Keith Hoodlet was quoted as saying by CSO.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 29 Nov, 22:41 IST
NEXT ARTICLE BEGINS