Sunday 25 August 2019

Any Apple Mac computer can be easily broken into

MacBook Air 13-inch, education edition
MacBook Air 13-inch, education edition

Andrew Griffin

Any Apple computer can be easily broken into with a few simple key presses, security researchers have found.

A vulnerability in the way the operating system uses passwords means that they can be simply bypassed by anyone, on practically any computer. Warnings about the bug have been shared by computing experts including Edward Snowden, who described the issue as "really bad".

Whenever a computer running MacOS asks a user to login, they can simply write the username "root" and an empty password. That might not work initially – but repeated presses of the login button will eventually let you through, no matter how complicated the password usually used on the computer.

The root account is a usually hidden login that has access to many of the most privileged part of the computer. It shouldn't appear to any normal user, and shouldn't be accessible to anyone who doesn't own the computer.

The issue was repeated multiple times on multiple computers by The Independent UK, though all of those computers were running the latest version of MacOS, High Sierra. Numerous other news sources and experts have also verified that the bug works.

It was reported first reported by security researcher Lemi Orhan Ergin. Notably, he posted it on Twitter and tagged Apple's official and support accounts – apparently not reporting it through the company's official bug reporting channels, which ensures that it's fixed before it makes it public knowledge.

If you think there is any chance your computer could be broken into or fall into the wrong hands, then it could be worth undertaking the slightly laborious fix. That involves setting a root password, so that anyone attempting to use the fix won't be able to use the empty field as above.

That's done by opening System Preferences, opening the "Users & Groups" panel, choosing "Login options", pressing the “Join” button that's next to ‘Network Account Server’, and clicking on “Open Directory Utility” then choosing the lock icon and logging in. Choose the edit menu and press "Change Root Password" – it will prompt you for your old one, which is probably blank, and you can then change it to something new and more secure.

Clearly, Apple won't expect everyone to go through that long and not immediately obvious process to secure their computer and the company will almost certainly roll out a fix very soon. As such, it will be important to keep a look out for that update and install it as soon as it becomes available.

Such bugs and issues are relatively rare with Apple products, given they are now fairly mature and developed by a relatively limited number of people. But the sheer number of people who use them mean that even a minor issue can resound around the world, as in the cases of vulnerabilities found in iOS, the software that runs on iPhones.

Independent News Service

Also in Business