Apple pushes out Mac security update that keeps them from being easily broken into
The update can be easily installed, without even restarting your computer
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Apple has fixed a huge bug that meant Mac computers could easily be broken into.
Overnight it emerged that a problem in the way the Mac operating system deals with passwords meant it was incredibly easy to break into almost any computer running High Sierra, the latest major update.
Apple has apologised to Mac users for allowing the insecure software through, and quickly pushed out an update to all affected computers that should keep them safe.
The "Root" account – which has access to many of the most privileged parts of the software – had its password left completely blank. That meant that anyone could log into the computer with just a blank password and freely look at personal files, change settings and read messages.
Now Apple has pushed out an urgent fix that can be easily downloaded. It adds extra security so that flaw will no longer work.
The update – which is referred to by Apple as "Security Update 2017-001" – can be downloaded by heading to the App Store and checking for new updates. Once you do that, it can be downloaded and installed, and it doesn't require you to restart your computer or do any other complicated operations.
Inside the app store, a message tells Mac owners to "install this update as soon as possible". It doesn't explain why – only saying it is recommended for all users and improves security – but it appears to fix the password problem in all cases.
A separate page for the update makes clear that it is aimed at fixing the security settings. The issues were called by a "logic error", and that it was "addressed with improved credential validation".
Apple released a statement saying that it had "stumbled" in allowing the error to slip through, but that it had worked to fix it as quickly as it could. The update comes less than 24 hours after the problem first emerged to the public.
"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS," a spokesperson said.
"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again."
If you've already changed the root password, in keeping with advice before the update, then that password will still remain. As such, it is important to keep a note of that password, since it could be required to gain access to your computer at later on.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments