The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission.

Apple MacOS bug allows anyone to get access to your computer – but here's how to fix it

The fix is a little complicated – but required if you think there's any chance someone might want to read your private information

Andrew Griffin
Wednesday 29 November 2017 10:05
Comments
Craig Federighi, Senior Vice President Software Engineering speaks during the company's annual world wide developer conference (WWDC) in San Jose, California, 5 June 2017
Craig Federighi, Senior Vice President Software Engineering speaks during the company's annual world wide developer conference (WWDC) in San Jose, California, 5 June 2017

A huge Mac bug makes every Apple computer in the world vulnerable – but there’s an easy fix.

The update emerged overnight but has been discussed in some circles for weeks. That means that it’s likely anyone trying to break into your computer is aware of it, making it doubly important to make sure you guard against it.

Thankfully both Apple and external security experts have shared information on how to fix the problem, which is clear but a little complicated. Further information on the major hack can be found here.

Almost every Mac computer that is running High Sierra, the latest update to Apple’s operating system, is at risk – unless you’ve already done the workaround that stops the bug working.

Apple confirmed it is working on a fix that will come in a software update soon. But it shared a way of keeping computers safe in the meantime.

“We are working on a software update to address this issue,” it said in a statement. ”In the meantime, setting a root password prevents unauthorised access to your Mac. To enable the root user and set a password, please follow the instructions here: support.apple.com/en-us/HT204012. If a root user is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘change the root password’ section.”

External security experts have shared their concern that such a bug could break through. But they also endorsed the fix, and outlined one that is slightly quicker – though relies on slightly more advanced knowledge of how MacOS works.

“This is a very surprising bug that evaded the quality control on MacOS High Sierra,” said Tyler Moffitt, senior threat research analyst at Webroot. “Apparently, this also works on FileVault in the MacOS which makes this bug quite devastating. The good news is that as of right now, there is not any mention of malware that leverages this security flaw.

“We can expect Apple to quickly release a fix for this vulnerability. In the meantime, impacted users with admin access should type the following command from the terminal: ‘$ sudo passwd root’. After typing the command, the user should enter his/her password then create a new password for the root user.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in