Apple fixes MacOS Root Password security blunder

Apple have issued a fix for yesterday’s severe security alert, after it emerged the tech giant’s High Sierra operating system would allow access to many users’ MacOS Root User without entering a password.

The story caused alarm around the world, as Mac users discovered full administrator control of their device was available to anyone within reach of the keyboard.

Discovered by a Turkish developer who tweeted it to Apple Support, Lemi Ergin, the widely publicised fault is believed to affect all Apple MacOS devices (such as the iMac and MacBook ranges) running version 10.13.1 or newer.

Mr Ergin has since published an article on Medium defending his decision to flag the vulnerability publicly, arguing that despite the security flaw being public knowledge on the Apple Developer Forum since 13th November, Apple had failed for resolve the issue.

Yesterday Lineal published guidance to all our Mac clients, advising caution over the physical security of Apple hardware, and explaining the need for users to set a new root password to temporarily secure their Mac while Apple worked on a security fix.

Security update 2017-001 is now available via the App Store, and Apple have even taken the almost unprecedented step of forcing 10.13.1 devices to update automatically.

MacOS root

The failure to set a random default MacOS root password (a fundamental technical security feature) once again calls into question the recent competence of Apple’s historically excellent quality control and product testing, and may slow the adoption of the firm’s latest flagship operating system. The widespread media publicity surrounding the story is also likely to undermine Apple’s long-held reputation for security on Mac devices.

Apple issued an apology, stating ‘We greatly regret this error and apologise to all Mac users.”

 

For Apple assistance and support, contact Lineal’s IT team today.


Apple macOS High Sierra reaches new heights

Apple’s second beta of macOS High Sierra has been made available to testers, following initial unveiling at the 2017 Worldwide Developers Conference.

Early indications point to High Sierra being a heavily-media themed update to Apple’s most recent operating system. In addition to the new Apple File System (APFS) already in use on your iPhone’s media-heavy storage, a new ‘High Efficiency Video Codec’ and compatibility with Virtual Reality technology is being introduced.

All the additions have been made with the dominance of flash-based SSD storage in mind, and the mind-boggling files sizes now generated by visual media. HEVC in particular will compress high-quality video more than 40% more than previous codecs, helping save space on your ever-slimmer MacBook. 

Metal 2 adds new under-the-hood abilities to each Mac’s GPU to support machine learning and VR, as well as external device GPUs for the peripherals required to support these mediums.

The ‘elevated’ generation of updates to macOS software also includes speed and privacy additions to various default apps, including Safari. Developers have tinkered with the controls and abilities of Apple photos to make it more intuitive, and users can look forward to a little more humanity from Siri.

Apple is expected to release macOS High Sierra in the Autumn free of charge to all users, although (with caution) technically capable enthusiasts can be among the first to try the beta here.

Lineal have more than 30 years of Apple expertise: contact us today.