New Delhi: Apple has apologised for the major security flaw in its Mac operating system (OS) that lets anyone log into Mac devices running without a password.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The tech giant has rolled out an update to fix the login security flaw.


The security flaw affected all Mac devices running the latest version of High Sierra (at least version 10.13.1 - 17B48).


The vulnerability was discovered by Turkish developer Lemi Orhan, who found that the Mac log-in screen can be cracked simply by entering the word "root" as a username and hitting enter twice, without having to enter a password.


The latest version of MacOS will automatically download the update.


In its Support Page, Apple said that a logic error existed in the validation of credentials. This was addressed with improved credential validation.


To confirm that your Mac has Security Update 2017-001:


  •     Open the Terminal app, which is in the Utilities folder of your Applications folder.
  •     Type what /usr/libexec/opendirectoryd and press Return.
  •     If Security Update 2017-001 was installed successfully, you will see one of these project version numbers:
  •     opendirectoryd-483.1.5 on macOS High Sierra 10.13
  •     opendirectoryd-483.20.7 on macOS High Sierra 10.13.1

If you require the root user account on your Mac, you will need to re-enable the root user and change the root user's password after this update.