A day after a researcher discovered a huge login security flaw in the latest version of Apple’s macOS High Sierra operating system, the company said that it would review its software development process. On November 29, 2017, Apple said it released a patch to fix the password bug that would be automatically installed on the vulnerable machines. The bug reportedly enabled hackers to gain access to Apple computers without using a password.
The bug was discovered by a Turkish software developer, Lemi Orhan Ergin, who took to the micro-blogging site Twitter to report the issue. He tweeted: “Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?”
Ergin’s tweet went viral in no time and had 12,744 retweets at the time this report was published. In an article on Medium.com, Ergin elaborated on the story behind the “anyone can login as root” tweet. He wrote: “On Nov 23, the staff members informed Apple about it (bug issue). They also searched online and saw the issue mentioned in a few places already, even in Apple Developer Forum from Nov 13. It seemed like the issue had been revealed, but Apple had not noticed yet.”
Acting promptly, Apple fixed the bug within 24 hours of its security engineers learning of the issue on November 28, 2017, following Ergin’s tweet.
In a statement, the U.S. technology giant said, “We greatly regret this error and we apologize to all Mac users. Our customers deserve better. We are auditing our development processes to help prevent this from happening again. Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS”.
Immediately after the bug report spread, the U.S. and German governments issued alerts advising Mac users to install the patch. Among tech stocks, Apple stock was reported to be down 2.6 percent at $168.55 on November 29, 2017.
Earlier this month, Apple was left red-faced when its newly launched iOS 11.1 and Safari were hacked several times by security researchers at a hacking competition called Pwn2Own in Tokyo.