Not to be outdone by Intel’s jaw dropping vulnerability reveal last week, Apple stepped up to the plate with what appears to be an epic “Hold My Beer” moment: the latest version of their computer operating system “High Sierra” can be completely compromised through a serious bug. Even more unfortunate is the fact that it is trivial to execute: in any instance of the OS X system asking for authentication to perform a task requiring administrative access, the user merely has to use “root” as the login name and leave the password field blank. Tapping “enter” repeatedly to authenticate will eventually result authentication being granted without ever having to enter any password at all.
What this means for you:
For the majority of the business world, this is a rare respite from the constant deluge of vulnerabilities that plague Windows users, but that is no consolation for the millions of Mac users out there who usually enjoy a relatively secure platform. At the moment there is no patch from Apple but sources say they are scrambling to release a fix soon. In the meantime this vulnerability can be fixed quickly, assuming your machine has not already been compromised. By default, the “root” account is not assigned a password, and assigning one plugs the hole immediately. But there is a catch: setting the password requires a little bit of technical work that initially may seem “too technical” for the self-professed “non-technical” user. You have a choice: earn your geek wings by following this guide from Apple on setting the root password, or give us a ring. We can fix this problem for you, remotely, in a few minutes.
[…] was full. Normally it’s Android users suffering as smartphone guinea pigs, but, just like last week’s ginormous OS X cock-up (supposedly fixed now), Apple seems fairly driven to join everyone else at the bottom of the barrel […]
[…] the keylogger is disabled by default, so it’s not quite as colossal as Apple’s blank password exploit or Intel’s gigantic “oopsie-daisy“. According to both HP and Synaptics, neither […]