Breaking News Bar
posted: 12/2/2017 7:16 AM

On a Mac running High Sierra? Update now.

hello
Success - Article sent! close
  • Apple issued a patch Wednesday to fix a major flaw that allowed people to gain deep access to computers running its latest operating system without the need for login credentials.

    Apple issued a patch Wednesday to fix a major flaw that allowed people to gain deep access to computers running its latest operating system without the need for login credentials.
    (AP Photo/Marcio Jose Sanchez)

 
 

Apple issued a patch Wednesday to fix a major flaw that allowed people to gain deep access to computers running its latest operating system without the need for login credentials.

Reports of the flaw began circulating Tuesday after security researchers found the vulnerability. The researchers reported that it was possible to gain access to a Mac -- and its core settings -- without having to use its owner's username and password. Instead, a potential hacker could type "root" into the username field of key settings in System Preferences menu without entering the password.

Practically speaking, a hacker would have need either physical access or remote access to a Mac to do damage. Many security researchers said this was a glaring oversight that Apple should have caught, particularly given its reputation for high standards and a reputation (rightfully or not) for better security than PCs.

Apple issued a statement Wednesday apologizing for the flaw.

"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS," Apple said in a statement Wednesday. "When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra."

The company went on to say that it is reviewing its processes to avoid future mistakes. "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again."

Apple has had a couple of recent and notable flaws with its software, including one last year that allowed hackers to use Siri to bypass iPhone lock screens to view a person's contacts and photos. The firm was also slower than Google to address a widespread security problem caused by Wi-Fi connections, in July.

To access this latest update, users should open the App Store on their Macs, which can be found under the Apple menu. From there, click on the "Updates" icon in the toolbar, and look for the phrase "Security Update."

After installing the update, a Mac we tested that had previously vulnerable to the bug was no longer affected.