Apple Was Quick to Fix macOS “Root” Issue

Apple has long been heralded as the champion of user security and product reliability, but this year has proved that the company may no longer be a leader in all things secure and reliable. From conforming to the Chinese government’s demands to ban VPN apps, to coming up with off-ish settings, to releasing High Sierra with security bugs that enabled hackers to steal keychain contents, to introducing buggy software to go along with its shiny new iPhone X, the reports this year have continued to show that quality assurance is no longer the same at the Cupertino HQ.

Last week, a security researcher revealed a massive security hole in Apple’s macOS High Sierra that allowed attackers to bypass login prompts by simply typing “root” as a username with no password. Apple was applauded by many for releasing a patch just 18 hours after the initial report went live on Twitter. However, subsequent reports revealed that the company had actually known about this flaw for over 2 weeks. However long it may have taken Apple to fix the security flaw, it emerged over the weekend that the patch wasn’t properly implemented and put a certain segment of users at risk.

Correct way to install Apple’s latest macOS security patch

Reports reveal that several Mac users who were on 10.13.0 rather than the latest version of High Sierra, macOS 10.13.1, and who installed this security patch without first upgrading to the latest OS version, have seen the “root” issue reappear when they install the latest macOS update. Apple had apparently assumed that Mac users would first upgrade to the new version before applying this security patch.

However, given all the social media outcry over this security issue, it makes sense that many were eager to install the security update before upgrading to the latest macOS version. In addition, Wired reports that at least two Mac users have confirmed that, even after they reinstall the security patch, the root problem persists until they reboot their computer – something that Apple didn’t say was necessary. Here’s the correct order of upgrading and rebooting to fix the “root” problem.

Install macOS 10.13.1 > Install Security Patch > Reboot Mac

“I installed the update again from the App Store, and verified that I could still trigger the bug. That is bad, bad, bad,” Thomas Reed of Malwarebytes told Wired. “Anyone who hasn’t yet updated to 10.13.1, they’re now in the pipeline headed straight for this issue.” Apple has now updated its security page to clearly convey these requirements. The support page reads:

If you recently updated from macOS High Sierra 10.13 to 10.13.1, reboot your Mac to make sure the Security Update is applied properly.

This isn’t the first issue that the security patch brought, as the initial version broke some file sharing functions on High Sierra. And security issues aren’t the only software problems that the company seems to be facing. After a frustrating keyboard bug that corrected “i” to “a” and a question mark, the company had to deal with a massive iPhone crashing disaster over the weekend. Apple had to deliver iOS 11.2 to fix this date bug, but the update, while fixing the bug, also broke Face ID for some users.

These two incidents are just the latest in a continued stream of software-related issues coming from Apple. This new sloppy attitude, which enables buggy iOS updates to get through the QA process, iPhones to start crashing on a certain date, and then patches that are unable to properly fix the problems and bring more issues with them, is not something that is typically associated with the iPhone maker. Which begs the question, what exactly is up with Apple?


