Apple has become an authority in providing us with useful software and the required fixes that inevitably come with the development of this software. This was proven true Wednesday, November 29th, 2017 after a bug in Macs High Sierra software was discovered. The bug was discovered by a Turkish software developer by the name of Lemi Orhan Ergin. Tuesday, November 28th Ergin made the announcement on Twitter, directing the tweet at Apple. The tweet reads “Dear @Applesupport, we noticed a huge security issue at MacOS High Sierra.” By Wednesday morning Apple had resolved the issue, meaning that their response time was less than a day after the issue was reported. If this isn’t an example of dedicated customer service I’m not sure what is.
The bug was only apparent in MacOS High Sierra 10.13 or 10.13.1 software. This bug caused a security issue in many Macs running the latest software as it allowed unauthorized personnel unchecked access to anything that existed on the Mac in question. Not only did it allow full access from the lock screen by simply choosing “other user” upon login, but it allowed access to the Mac through the use of the word “root” as the login name, without the requirement of a password. Ergin gave us the how-to on Twitter, listing the steps that would need to be taken as “System Preferences>Users and groups>Click the lock to make changes. Then use “root” with no password.” Ergin ended his tweet by saying “The result is unbelievable!”
Not only did the bug allow those with physical access to the Mac the ability to hack in, but it was also a potential issue with screen sharing. Through screen sharing hackers in remote locations could gain access to the information on the affected computers.
MacOS High Sierra 10.13 and 10.13.1 were the latest software update for the Mac, however, it has since been replaced with a software that fixes this bug. To correct the problem Mac users need only to update their Mac to the latest software. This can be done in the App store on your Mac. By first opening, the App store and then selecting updates in the toolbar users can see which software they are currently using. Here you can select the update button to update your Mac to the latest software. All updates that have occurred in the last thirty days will also be visible here so you can see if you were running High Sierra 10.13 or 10.13.1. This will give you insight into whether you had the potential to be affected by this bug.
It is fortunate that this bug was discovered and fixed so quickly. However, it also puts into perspective how sensitive the information we store on our devices may be, and even more how we should work to protect this information. Since the main threat of this bug was through physical access to Macs it is important to remember to keep sensitive devices in secure locations. If you don’t want others gaining access to your personal or private information precautions must be taken. It is also important to be aware of what software you are using on your devices and whether there are any known or reported issues with the software you are using. Mac users are able to find out which software they are running by selecting the apple icon in the left corner of the screen and then clicking “About this Mac.” After you are aware of what software you are using it is important to be aware of updates or new information that may surface regarding this software. There is no such thing as being too informed where the issue of security is concerned.
The High Sierra security issue is just one bug of many that Apple or any company work to fix each time a new software is released. This is to be expected, as fixing problems before they arise seems pretty much impossible. What is important to take away from this is the amount of effort we should all be put into keeping our devices locked and safe. To ensure that the files we consider to be for our eyes only are in fact only viewed by ourselves. We must remember to keep our devices in safe places, where not everyone will have access to them. It is also a good idea to be aware of what software’s we are running and when, as well as any potential issues the software might have. Staying informed however cannot ensure that there will not be issues, which is why people like Lemi Orhan Ergin and companies like Apple are essential to ensuring device security.
Published on 5th December 2017 by Ian Brady.