The Apple “Root User” Bug: An Unwelcome Gift that Can Keep on Giving

Posted by On with No Comments

Categories: Alert, News, Security

Mac Alert

The new macOS High Sierra update (from 10.13 to 10.13.1) will reintroduce a bug for which Apple has already issued an automatic fix. That means users must reboot their computers to reapply the fix.

We recommend that all users of the macOS High Sierra reboot their systems upon reading this, if they haven’t already.

In the past few weeks, the Apple world has been abuzz with news of a flaw in the new macOS High Sierra operating system (OS), discovered by Turkish software developer Lemi Orhan Ergan. To exploit the vulnerability, someone with physical or Remote User access to the computer would type “root,” then leave the password field empty in the Users & Groups section of System Preferences.

Repeating this action several times affords root access to the computer — meaning the individual could control the device as if he or she were an administrator. From there, that person could download malicious software or otherwise compromise the system.

Carmichael learned of the flaw almost immediately. However, before we could distribute an alert to our customers and friends, Apple had issued a “fix” and pushed it out as part of High Sierra systems’ automatic OS updates. Rectifying a software bug in fewer than 24 hours is impressive, but unfortunately, it apparently wasn’t permanent.

Now, researchers report that a new update of the macOS High Sierra (from 10.13 to 10.13.1) will reintroduce the bug until the fix is reapplied. That seems minor, but there is a caveat. Because the now-historical fix has already been pushed out to all macOS High Sierra computers, it will be reapplied only if users restart their computers after the update.

Given that in most cases the update applies automatically, and many Apple users rarely reboot their systems, this is a concern.

We recommend that all users of the macOS High Sierra reboot their systems upon reading this, if they haven’t already.

This incident has given Apple a black eye, and more importantly for its users, it has sounded a warning. In the high-speed, high-stakes race to gain or retain market dominance, companies and their software engineers make mistakes. Then, well-intended researchers discover and report on them, which gives cybercriminals a heads up that they have a new attack vector.

It’s the nature of the world we live in, and it’s not going to change any time soon, if ever. In the meantime, we recommend all computer and device users stay vigilant—and we’ll keep you informed of anything else we learn.

Curious what Carmichael Consulting can do to enhance your desktop and mobile devices’ operating efficiency, security and reliability? Give us a call for a complimentary consultation at 678-719-9671.