By now all Apple users have heard and (hopefully) upgraded to 10.13.1 to avoid the security issues present in 10.13. So what heck actually happened and what did Apple have to say. Let’s take a look:
Many of us got a notification on the morning of Wednesday November 29th that we needed to do an update immediately that related to security on our computer. I’ve been a Mac user for a long time now (10+ years) and I don’t remember seeing an update like that before! Like a good Apple user, I complied… immediately. And like any Apple user, I took to Google (yeah, not Safari 😁) to figure out exactly what was going on!
The discovery was posted to Twitter (my inner customer service rep shutters at the thought of this kind of bug being reported via social media) and the frenzy began!
So basically that meant that anyone can log into a Mac by entering “root” as the username without a password. The first time you try to login, it won’t work. But if you try it again, you will be granted access.
According to Apple, “The user account named ”root” is a superuser with read and write privileges to more areas of the system, including files in other macOS user accounts. The root user is disabled by default. If you can log in to your Mac with an administrator account, you can enable the root user, then log in as the root user to complete your task.”
So as you can see allowing just anyone access to a “superuser” account is kinda bad!
To Apple’s credit the response was swift. Within hours they had a fix and within 24 hours they were pushing it to all their users. And I’ll give them credit… they messed up BUT their response was perfect. They corrected it and owned up to the mistake.
Maybe now they can work on fixing iOS 11… 😳