A huge Mac bug makes every Apple computer in the world vulnerable – but there’s an easy fix.
The update emerged overnight but has been discussed in some circles for weeks. That means that it’s likely anyone trying to break into your computer is aware of it, making it doubly important to make sure you guard against it.
Thankfully both Apple and external security experts have shared information on how to fix the problem, which is clear if a little complicated. Further information on the major hack can be found here.
Almost every Mac computer that is running High Sierra, the latest update to Apple’s operating system, is at risk. The only way you wouldn’t be is if you’ve already done the workaround that stops the bug working.
Apple confirmed that it is working on a fix that will come in a software update soon. But it shared a way of keeping computers safe at the same time.
“We are working on a software update to address this issue,” it said in a statement given to The Independent. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
External security experts have shared their concern that such a bug could break through. But they also endorsed the fix, and outlined one that is slightly quicker – though relies on slightly more advanced knowledge of how MacOS works.
“This is a very surprising bug that evaded the quality control on MacOS High Sierra,” said Tyler Moffitt, senior threat research analyst at Webroot. “Apparently, this also works on FileVault in the MacOS which makes this bug quite devastating. The good news is that as of right now, there is not any mention of malware that leverages this security flaw.
“We can expect Apple to quickly release a fix for this vulnerability. In the meantime, impacted users with admin access should type the following command from the terminal: ‘$ sudo passwd root’. After typing the command, the user should enter his/her password then create a new password for the root user.”