Major Apple Flaw Found, Fixed & Still Dangerous

A vulnerability in MacOS High Sierra could leave Macs open and vulnerable in the world of the Internet.

My OS is more secure than your OS is a popular game among jaded computer users, each claiming that their choice of a locked-down system makes them smarter, stronger and better looking. Its a suckers game.
That point was driven home on November 28 when word came down from the research world that a great big vulnerability existed in plain sight in MacOS High Sierra Version 10.13 and higher. It was a whopper of a vulnerability, especially for an operating system that has a reputation among its users for being safe.
Now, for all you tl;dr folks, theres a spoiler: The vulnerability was announced yesterday, the Internet freak-out flourished overnight, and a patch was made available this morning. If youre reading this on a computer with un-patched MacOS 10.13, mark your spot, go upgrade your OS and then come back. Well wait.
Welcome back. Now, about that vulnerability: It seems that someone on the High Sierra team forgot that MacOS is built on top of BSD, which is itself a variant of Unix. (Exactly how the variant came to be and why is
a long convoluted tale
involving many companies and even more lawyers.)
That Unix legacy makes for a number of good MacOS characteristics but it also carries some consequence and the vulnerability took advantage of a large consequence.
Basically, in Unix systems there is a super-user named root that has god-like power over the system. In MacOS High Sierra, if the computer owner didnt explicitly set up an account for root (and almost no one using a Mac would do that) someone could walk up to a locked machine, enter the user name root with no password, and pwn the system. Thats a heck of a vulnerability.
It gets even worse because, under just the right circumstances, a hacker could log onto the computer remotely and take over. Those circumstances arent common, but they exist and therefore the worry is great.
On the first day of the vulnerability news, Apple pointed users to information on how to
set or change the root password
on their Mac. Its not terribly complicated -- certainly far less intimidating than mucking about in an old Windows registry. Its still a number of steps, though, and requires Yet Another Password from a password-exhausted user.
The patch released today does away with that requirement, though any user that wants, and had already set, a root password will have to re-enable the root user and set a new password after deploying Security Update 2017-001.
In truth, MacOS is no less secure than any other common desktop operating system. The only danger is the false sense of security that seems to accompany MacOS users and their rare Linux desktop cousins. The key here is that Apple has created a patch and user organizations should get it into the field as quickly as possible.
All human-created operating systems are subject to vulnerabilities. The real question is how the vendor responds to the vulnerability and how users respond to the fix.
Related posts:
DDoS Attacks Trend in a Bad Direction
Its Inevitable: Youve Been Hacked
Microsoft Misses Memory Mistake: The Security That Wasnt
— Curtis Franklin is the editor of
SecurityNow.com
. Follow him on Twitter
@kg4gwa
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Major Apple Flaw Found, Fixed & Still Dangerous