A critical security failure present in the latest version of the operating system of Mac computers, known as High Sierra, allows anyone to enter the system with privileges of superuser (root) and therefore have access to all content stored in the The ruling affects only the latest version of this operating system from Apple, released last September, and is easy to reproduce.
All you have to do is identify yourself on the registration screen when you start your computer as root (the default system administrator account on Unix-based systems, such as macOS or Linux), leave the password field blank and press the button several times in a row. access.
This procedure also works to change any system configuration once it has been accessed as any other user. Simply enter the root user name, leave the password blank and press the validation button several times to access any corner of the system. It is also possible to access the computers remotely if they have activated the desktop sharing function (by default it is disabled).
According to Bill Evans, an Apple spokesman, the company is already working on a security update that solves the problem. The only way to correct it, at the moment, is to create a secure password for the root user, which in macOS systems is hidden by default. In turn, in an official statement, the company urges you to create a password for the root user.
“To enable the Root user and set a password, follow the instructions found here If the Root user is already enabled, to ensure that the blank password option does not fit, follow the instructions in the ‘Change Password’ section de root ‘”Criticism of the company Several experts have criticized the way in which this vulnerability has been made public on the Internet.
The developer Lemi Orhan Ergin communicated it in a brief tweet published without previous warning. Usually, among developers and security experts, it tends to follow an ethical code that asks to communicate the discovery to the company first, so that the patches of security can be ready at the time the vulnerability is made public.
Doing this puts millions of computers at risk, “says developer Amir Omidi. The ruling, in any case, is serious enough to get the colors out of Apple, a company that always claims to have a more secure operating system than the one of the competition
On the web that details the security measures of the macOS operating system, Apple expressly recommends updating to the latest version of the operating system, High Sierra, to be protected against any attack in a simple way.
For many Mac users, unhappy in recent years with the priority that Apple seems to be giving its other operating system, iOS, this security flaw shows the lack of interest that the Cupertino company puts in the traditional computing market.