While Apple scrambles to issue a software fix for a major macOS High Sierra vulnerability, astute observers are wondering what took the company so long to react — after all, the problem was known about weeks ago.
。
It seems that on November 13, a commenter on an Apple developer forum disclosed the very vulnerability that today threw the infosec community into a frenzy. Oh, and it was called out 9 days ago on Twitter as well.。
SEE ALSO:How to protect yourself from the massive macOS High Sierra security vulnerability。
SEE ALSO:How to protect yourself from the massive macOS High Sierra security vulnerability。
And just how bad is this security threat? Well, it's not good. Essentially, it gives anyone with access to an unlocked computer the ability to set themselves as the root user — as well as log back in later to the locked computer at a time of their choosing. 。Mashable Light SpeedWant more out-of-this world tech, space and science stories?Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.。
By signing up you agree to our Terms of Use and Privacy Policy.。 Thanks for signing up! 。To execute the hack, you only needed to go to
。System Preferences >
Users & Groups 。
, then enter "root" as your user name while leaving the password field blank. Try this a few times until you have access. It's that simple. The exploit was first explained by Apple developer chethan17777.。
Again, chethan17777 posted this on November 13. Apple only issued instructions on how to protect yourself against this on November 28.
。
Tweet may have been deleted。
Tweet may have been deleted 。Tweet may have been deleted 。
Whether or not anyone tried to responsibly disclose the threat with Apple remains unclear. But the fact that this attack — which in some cases can be performed remotely — was known to some developers weeks before Apple issued a statement about it is sure to turn heads.
。Mashable。
Mashable
。
has reached out to Apple for comment and will update the story as soon as we hear back.
。Featured Video For You
。This eco-friendly fabric can repel stains and odors 。TopicsAppleCybersecurity。