Craig Federighi, Senior Vice President Software Engineering speaks during the company's annual world wide developer conference (WWDC) in San Jose, California, 5 June 2017
Craig Federighi, Senior Vice President Software Engineering speaks during the company's annual world wide developer conference (WWDC) in San Jose, California, 5 June 2017

Apple MacOS bug allows anyone to get access to your computer – but here's how to fix it

The fix is a little complicated – but required if you think there's any chance someone might want to read your private information

Andrew Griffin@_andrew_griffin
Wednesday 29 November 2017 10:05
comments

A huge Mac bug makes every Apple computer in the world vulnerable – but there’s an easy fix.

The update emerged overnight but has been discussed in some circles for weeks. That means that it’s likely anyone trying to break into your computer is aware of it, making it doubly important to make sure you guard against it.

Thankfully both Apple and external security experts have shared information on how to fix the problem, which is clear but a little complicated. Further information on the major hack can be found here.

Almost every Mac computer that is running High Sierra, the latest update to Apple’s operating system, is at risk – unless you’ve already done the workaround that stops the bug working.

Apple confirmed it is working on a fix that will come in a software update soon. But it shared a way of keeping computers safe in the meantime.

“We are working on a software update to address this issue,” it said in a statement. ”In the meantime, setting a root password prevents unauthorised access to your Mac. To enable the root user and set a password, please follow the instructions here: support.apple.com/en-us/HT204012. If a root user is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘change the root password’ section.”

External security experts have shared their concern that such a bug could break through. But they also endorsed the fix, and outlined one that is slightly quicker – though relies on slightly more advanced knowledge of how MacOS works.

“This is a very surprising bug that evaded the quality control on MacOS High Sierra,” said Tyler Moffitt, senior threat research analyst at Webroot. “Apparently, this also works on FileVault in the MacOS which makes this bug quite devastating. The good news is that as of right now, there is not any mention of malware that leverages this security flaw.

“We can expect Apple to quickly release a fix for this vulnerability. In the meantime, impacted users with admin access should type the following command from the terminal: ‘$ sudo passwd root’. After typing the command, the user should enter his/her password then create a new password for the root user.”

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments