Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti

Apple’s macOS High Sierra has a simple security flaw that lets anyone log into your Mac


APPLE users have noticed a troubling flaw in the company’s Mac operating system which lets people circumnavigate password protocols to gain access to the computer.
 
Raising alarming privacy concerns, it means anyone with physical access to your MacBook or iMac can create a phantom profile that won’t show up on real admin accounts if the machine is running the new High Sierra operating system.
 
In the device’s System Preferences, under Users & Groups, you can click on the lock and gain system administrator access by simply entering the username “root” and leaving the password blank. After hitting enter a few times it grants access. Once that is done, the trick can be used to log into the computer at any time.
 
The flaw appears to have been first reported by software developer Lemi Orhan Ergin who tweeted the fault to Apple’s support team this morning.
 
The flaw has been confirmed by a number of users and reported by various tech publications.
 
While someone needs to have physical access to your computer, the flaw is problematic in certain scenarios. For instance thieves now have an easy way to get into an Apple computer they’ve stolen and third parties like law enforcement officials could easily login to a suspect’s private computer.
 
The bug reportedly works for all aspects of the operating system that would normally require a password, meaning someone could also get access to your Apple Keychain which holds all your passwords.
 
If you want a quick way to protect against the flaw, it’s probably wise to turn off any guest admin account so people can’t enact the password workaround, or change the root password from your directory utility under Settings > Users & Groups > Login Options.
 
In a statement issued to news.com.au, an Apple spokesperson said: “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
 
“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. The update is available for download, and starting later today (Thursday AEST) it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
 
“We greatly regret this error and we apologise to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”





30/11/17    Çap et