Monday, November 11, 2024

Apple rushes to fix major password bug

Isaac Kaledzi (https://en.wikipedia.org/wiki/Isaac_Kaledzi)
Isaac Kaledzi is an experienced and award-winning journalist from Ghana. He has worked for several media brands both in Ghana and on the international scene. Isaac Kaledzi is currently serving as an African Correspondent for DW.

Apple has said it is working to fix a serious bug within its Mac operating system.

The flaw in MacOS High Sierra – the most recent version – makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights.

“We are working on a software update to address this issue,” Apple said in a statement.

The bug was discovered by Turkish developer Lemi Ergin.

He found that by entering the username “root”, leaving the password field blank, and hitting “enter” a few times, he would be granted unrestricted access to the target machine.

Mr Ergin faced criticism for apparently not following responsible disclosure guidelines typically observed by security professionals.

Those guidelines instruct security experts to notify companies of flaws in their products, giving them a reasonable amount of time to fix the flaw before going public.

Mr Ergin did not respond to those claims when asked on Twitter, and the BBC was unable to reach him on Tuesday.

Apple would not confirm or deny whether it knew about the flaw beforehand.

However, a member of Apple’s support forums had posted details of the flaw more than two weeks ago, though the message appears to suggest the vulnerability could be a useful feature for troubleshooting rather than a critical security threat.

The exploit

Considering the power it gives, the bug is remarkably simple, described by security experts as a “howler” and “embarrassing”.

Those with root access can do more than a normal user, such as read and write the files of other accounts on the same machine. A superuser could also delete crucial system files, rendering the computer useless – or install malware that typical security software would find hard to detect.

Typically, the bug cannot be exploited remotely, meaning for most users the threat only exists if a malicious person has physical access to the machine. That said, if remote access has been granted to the computer for some other reason, such as offering tech support, then the flaw could be executed using that connection.

The timing of the disclosure presents a major issue to Apple as it now must hurriedly put in place a fix before the vulnerability can be exploited by criminals.

“Haste and security don’t make good bedfellows,” said Prof Alan Woodward from the University of Surrey.

“They will need to be careful the patch doesn’t introduce some other problem as they’ve not had time to properly test it.”

 

Source: BBC
