Off the wire
Afghan forces kill 17 insurgents within day  • Inner Mongolia confirmed as host of 2018 UIAA Ice Climbing World Cup  • Armed terrorist shot dead by Tunisian army: spokesman  • NBA daily leading scorers  • NBA schedule  • Roundup: NASA builds its "souped-up" Mars rover mission  • Russian Su-30 crew help U.S. avoid international scandal by intercepting its plane: official  • State Council dispatches inspectors to kindergartens nationwide  • Results of NBA games  • Official foreign exchange rates in Georgia  
You are here:  

Apple's MacOS security bug likely to invite easy system hacking

Xinhua,November 29, 2017 Adjust font size:

SAN FRANCISCO, Nov. 28 (Xinhua) -- A Turkish software developer announced Tuesday that he has found a severe security bug in Apple's new Mac operating system (MacOS) that would allow anyone to gain full administrator control of a computer without entering a password.

"Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?" the Turkish developer Lemi Orhan Ergin tweeted.

Because of the bug, Ergin found that anyone can gain unauthorized access into a Mac running MacOS High Sierra, its most recent version, by logging in as "root" for username and clicking on the login button a few times with an empty password.

Other Apple users have also reported on social media the existence of the bug, which was said to be able to work remotely through third-party software called VNC and Apple-owned Remote Desktop software.

Apple responded to Ergin's security alert Tuesday afternoon by replying a tweet to Ergin.

"Thanks for reaching out. Send us a DM, and we'll look further into this with you," Apple's customer support division tweeted.

Apple issued a statement saying it is working on a software update for the bug.

The IT company also advised its MacOS user to set a root password to prevent unauthorized access to their Mac.

"If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section," Apple suggested. Enditem