On Tuesday, computer experts revealed a critical security hole in Apple’s Macintosh High Sierra operating system that allowed any user to gain full access to a locked computer by simply typing a word into the login window.
The flaw has since been closed by Apple with an update released Wednesday morning. Apple says the update is available for download and will be pushed out for automatic installation later in the day.
“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused,” Apple told CTVNews.ca in a statement. “Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
Prior to the fix, security researchers say typing the word “root” into a Mac’s login screen would immediately bypass its security measures and grant root access to the desktop. The issue left any unattended Mac vulnerable to unauthorized access by anyone who is physically present.
Several security experts brought the issue to Apple Support's attention on Tuesday.
Dear @AppleSupport please immediately close the vulnerability in "High Sierra". So many idiots have described exactly how the vulnerability works. Every baby or child then use that gap. pic.twitter.com/o5Z9tW8uz4
— Christian Lehnert (@ChrLehnert) November 29, 2017
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017