Published in News

Apple red-faced over critical but basic security flaw

by on29 November 2017


Company’s programming skills drop down the loo

Apple’s programming skills have become a source of amusement as the fruity cargo-cult lurches from failure to failure, but now it seems someone created a security flaw which was the equivalent of going on holiday and leaving your front door open with a big sign listing where your valuables are.

The flaw in MacOS High Sierra - the most recent version - makes it possible to gain entry to the machine without a password, and have access to administrator rights.

The bug was discovered by Turkish developer Lemi Ergin who found that by entering the username "root", leaving the password field blank, and hitting "enter" a few times, he would be granted unrestricted access to the target machine.

The Tame Apple Press is furious at Ergin because he not only showed that their favourite operating system was a joke, he did not “follow responsible disclosure guidelines typically observed by security professionals”.

They said that he should have given Apple a reasonable amount of time to fix the flaw before going public.

Apple certainly knew about the flaw at least two weeks ago when some Apple fanboy posted on an Apple Support Forum that the vulnerability could be a useful feature for troubleshooting. A bug this bad in Windows would have been cleaned up in hours, but Jobs’ Mob’s crack brains still have not fixed it.

Security experts say that if anyone should be embarrassed it is Apple because the flaw is so simple that it is "embarrassing".

Those with root access can do more than a normal user, such as read and write the files of other accounts on the same machine. A superuser could also delete crucial system files, rendering the computer useless - or install malware that typical security software would find hard to detect.

The only thing saving all Apple fanboys from malware destruction is that the bug cannot be exploited remotely and the user needs to have physical access to the machine. But if remote access had been granted to the computer for some other reason, such as offering tech support, then the flaw could be executed using that connection.

While Apple genii scratch themselves, have a few lattes and ponder how to make a silk purse out of their security sow’s ear they have suggested setting a root password to prevent unauthorised access to their macs.

For those not confident enough to change system settings like this, security experts advise simply - don't let your Mac out of your sight, take it to bed with you, don’t leave it alone in the house, don’t even trust your dog not to hack your Mac.

Last modified on 29 November 2017
Rate this item
(0 votes)