Another MacOS Bug Reported After Apple’s High Sierra Problem

A glaring security problem recently discovered in the latest version of Apple’s MacOS operating system shows that anyone could gain administrative access to the Apple machine without even having to enter the password.

The problem has been found with the MacOS High Sierra.

On Macs running the operating system, all you have to do to gain administrative control is to enter as the user name “root” and give no password.

Apple confirmed late Tuesday they are working on a software update that would solve the problem.

Ever since the story broke, there has been an understandable excitement around it since the company is known for the robust security provisions it brings to their systems. Also, since the news, there have been other developments, including the discovery of another bug.

But let’s start with the statement that Apple made regarding the software update first:

"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012 . If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section."

Also, it’s been confirmed that the root login bug doesn’t affect machines that run Sierra and only affects machines that run High Sierra. A tweet regarding this was made by Alasdair Allan (@allan) — a scientist and a respected journalist covering technology. The tweet read thus:

Across the internet, the security flaw has been variously described as “embarrassing”(thenextweb.com), “seriously not good”(@allan), “critical vulnerability”(theverge.com) and “huge”(techcrunch.com).

All such comments clearly point to the fact that Apple is not exactly having the time of its life now.

If that was not bad enough, news of another flaw, related to the security bug, broke on the internet.

It was found that the root bug could be used to create a proxy user through the user interface. If you do that, the system fumbles and the new user that has been created becomes one which you could not login to. Also, none of the files in this new user’s home directory would be owned by you. Instead, those files would be owned by its user ID. But the catch is that this new user ID is not mapped to a use.

In simplistic terms, the computer doesn’t know what exactly do to with the new user ID.

A tweet related to this was made by Amit Serper (@0XAmit), a Massachusetts based security researcher on Nov. 28.

But the bug problems don’t seem to stop there for Apple.

Bugs have been detected in the newest iOS11 version for Apple’s phone and tablets. Earlier this month, Apple released the last version of the iOS11 named iOS 11.1.1. The reason for that launch was that the version before that had a problem — when users typed the letter "I" on their phones or tablets, it got autocorrected to "A[?]"

With the newest release (iOS 11.1.2), that problem has been fixed. However, it comes with another problem of its own: if you type in "it" or "is," it gets autocorrected to "I.T" or "I.S."

This is not as severe a problem as the root bug but given how rarely people use "I.T" or "I.S" in their messages, a lot of users are said to be bugged by this. Pun intended.