Apple pushes out Mac security update that keeps them from being easily broken into

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Apple has fixed a huge bug that meant Mac computers could easily be broken into.

Overnight it emerged that a problem in the way the Mac operating system deals with passwords meant it was incredibly easy to break into almost any computer running High Sierra, the latest major update.

Apple has apologised to Mac users for allowing the insecure software through, and quickly pushed out an update to all affected computers that should keep them safe.

The "Root" account – which has access to many of the most privileged parts of the software – had its password left completely blank. That meant that anyone could log into the computer with just a blank password and freely look at personal files, change settings and read messages.

Now Apple has pushed out an urgent fix that can be easily downloaded. It adds extra security so that flaw will no longer work.

The update – which is referred to by Apple as "Security Update 2017-001" – can be downloaded by heading to the App Store and checking for new updates. Once you do that, it can be downloaded and installed, and it doesn't require you to restart your computer or do any other complicated operations.

Inside the app store, a message tells Mac owners to "install this update as soon as possible". It doesn't explain why – only saying it is recommended for all users and improves security – but it appears to fix the password problem in all cases.

A separate page for the update makes clear that it is aimed at fixing the security settings. The issues were called by a "logic error", and that it was "addressed with improved credential validation".

Apple released a statement saying that it had "stumbled" in allowing the error to slip through, but that it had worked to fix it as quickly as it could. The update comes less than 24 hours after the problem first emerged to the public.

"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS," a spokesperson said.

"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again."

If you've already changed the root password, in keeping with advice before the update, then that password will still remain. As such, it is important to keep a note of that password, since it could be required to gain access to your computer at later on.