USA TODAY US Edition

Do this now for Apple’s High Sierra security bug

- Eli Blumenthal and Elizabeth Weise. Contributing: Ed Baig

SAN FRANCISCO – Apple on Wednesday pushed out a fix for a serious security bug that would have let anyone with physical access to its Mac laptops or desktop computers running the latest version of its operating system easily infiltrate the computer.

Less than a day after the security bug in MacOS High Sierra was reported, Apple said users need to install an update to the system to correct the problem.

How to check if you’re vulnerable:

To see which operating system a computer is running, click the Apple icon in the upper-left-hand corner of the screen and then click “About This Mac.”

That will give the version number of the operating system.

To see if a Mac is vulnerable to the bug, follow these steps:

1. Open System Preferences.

2. Choose Users & Groups.

3. Click the lock to make changes.

4. Type “root” in the username field.

5. Put the cursor in the password field and click there, but don’t type anything.

6. Click unlock.

If the system allows you in, you would be able to add a new administrator-level account with full privileges on the system — all without a password to the computer.

How to fix it:

1. Open the App Store app on the Mac.

2. Click Updates in the App Store toolbar.

3. Use the Update buttons to download and install any updates listed.

4. Updates installed in the last 30 days appear below this list.

The bug requires the would-be hacker to actually type on the Mac’s keyboard, so the easiest fix was to keep vulnerable machines under lock and key — not always possible with laptops. At the login screen, the bug allowed a user to type in “root” (with no quotations) as the user name, leave the password blank and get in.

There were also reports that in some cases, if a user had allowed screen sharing on their computer, it was possible to exploit the bug remotely.

The bug was made public on Twitter Tuesday by Turkish software developer Lemi Orhan Ergin.

USA TODAY confirmed the vulnerability on a late 2013 MacBook Pro running MacOS 10.13.1, or MacOS High Sierra, and a late 2015 iMac running the same software.

It allowed a reporter to unlock the safeguards that prevent changes in “System Preferences” on the machine as well as letting someone log into the Mac from the lock screen by simply going to the “other user” tab.
