Ap­ple is­sues a fi x for Mac pass­word se­cu­rity prob­lem

The Columbus Dispatch - - Market Summary - By Sa­man­tha Masunaga

Ap­ple Inc. said an up­date was now avail­able to fix a se­cu­rity is­sue in its lat­est Mac op­er­at­ing sys­tem that en­ables peo­ple to log in to Mac com­put­ers with­out know­ing the pass­word.

The Cu­per­tino, Calif., tech gi­ant said Wed­nes­day that as of 8 a. m., the up­date was avail­able for down­load and that later in the day it will be au­to­mat­i­cally in­stalled on all sys­tems run­ning the lat­est ver­sion of MacOS High Sierra.

“Se­cu­rity is a top pri­or­ity for ev­ery Ap­ple prod­uct, and re­gret­tably we stum­bled with this re­lease of MacOS,” the com­pany said in a state­ment. “We are au­dit­ing our de­vel­op­ment pro­cesses to help pre­vent this from hap­pen­ing again.”

A soft­ware de­vel­oper un­af­fil­i­ated with Ap­ple pub­li­cized the prob­lem Tues­day, say­ing peo­ple could log in to Ap­ple com­put­ers run­ning MacOS High Sierra by en­ter­ing the user name “root” and no pass­word, then click­ing the lo­gin but­ton sev­eral times.

The “root” user ac­count is gen­er­ally used by com­puter ad­min­is­tra­tors and gives “read and write priv­i­leges to more ar­eas of the sys­tem, in­clud­ing files in other MacOS user ac­counts,” ac­cord­ing to Ap­ple.

The is­sue had been de­scribed on­line pre­vi­ously, in­clud­ing in the Ap­ple De­vel­oper Fo­rum ear­lier this month, but re­ceived more at­ten­tion after Lemi Er­gin, a Turk­ish soft­ware de­vel­oper, tweeted about it Tues­day, ask­ing Ap­ple if it was aware of the “huge se­cu­rity is­sue.”

In a Medium post pub­lished Wed­nes­day, Er­gin said staffers at a com­pany he works for dis­cov­ered the is­sue while try­ing to help a co-worker re­cover ac­cess to his lo­cal ad­min­is­tra­tor ac­count. The staffers used the flaw to re­cover the ac­count and in­formed Ap­ple about the prob­lem last week, he said.

“I have no in­ten­tion to harm Ap­ple and Ap­ple users,” Er­gin said in the post. “By post­ing the tweet, I just wanted to warn Ap­ple and say ‘ there is a se­ri­ous se­cu­rity is­sue in High Sierra, be aware of it and fix it.’”

Ap­ple said in its state­ment that its se­cu­rity en­gi­neers be­came aware of the is­sue Tues­day af­ter­noon and that the com­pany “im­me­di­ately be­gan work­ing on an up­date that closes the se­cu­rity hole.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.