Monday, December 4, 2017

Apple's Security Flaw



Chethan Kamath is a 35-year-old former patent attorney in Bangalore, India, who is learning to code in the middle of a self-described midlife crisis. But to some Apple fans from around the world, he’s now something of a cult hero. That’s because Kamath unwittingly exposed a major security vulnerability that affected all Mac owners using the latest High Sierra operating system. And he did it right under Apple’s nose, on its developers forum website — more than two weeks before Apple issued a software update to patch the security bug.

Kamath, in a Skype interview from Bangalore, told this news organization that he initially thought he was offering a helpful tip on the Apple forum. In his Nov. 13 post, he provided a simple method people could use to restore administrative access to a MacBook — without needing a password. Kamath had lost admin access to his own MacBook when he changed his Apple ID. He then found the solution, which he said he read on a forum he can’t remember: typing “root” in the “Users & Groups” preferences login page with no password to acquire near-instant admin access.

On Wednesday, Mac released a security update to High Sierra (version 10.13.1). You can download the patch in the App Store. Apple also plans to automatically push the update later today for anyone who is affected. A dangerous bug in the operating system allowed any user anywhere to gain entrance to your files and your saved information on your computer just by typing a single word. Apple released a security memo about the flaw along with a new statement, saying, "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS." Experts were concerned that the malware, discovered on Tuesday, could gain root access to computers and wreak havoc quicker than ever before.

Cyber security expert Melody Moh, a professor at San Jose State University, called Apple's security flaw "mind blowing." "You can do anything and everything. You can delete that legitimate user's account, you can lock his account. You can access his bank, his email, Twitter, Facebook. Anything," said Moh. Apple unveiled High Sierra on Sept. 25. It came pre-installed on a handful of computer models.



Credits:
http://abc13.com/technology/apple-releases-fix-for-operating-system-bug-/2712634/
