News

Apple patch may not solve security issue

A software patch which Apple released to close a major security issue in its latest High Sierra operating system for Macs seems to contain a bug of its own.

The original flaw meant anybody who gets their hands on a Mac with High Sierra installed could access all files without the need for a password. It allowed anyone to get high-level access to the device by merely using ‘root’ as username and entering nothing in the password field.

The issue was confirmed on Mac devices running either version 10.13 or 10.13.1 of the High Sierra operating system.

A red-faced Apple released a ‘fix’ less than 24 hours after the issue became public knowledge, but Wired magazine has now discovered that the moment users upgrade to a new version of High Sierra it comes back.

According to the publication the order in which users install patches and updates for their Mac computers could result in the original bug not being fixed at all.

The issue, the testers say, would remain on any Mac device that was running High Sierra 10.13 where the user had installed the security patch released by Apple – provided that they subsequently upgraded to the newer High Sierra 10.13.1 without rebooting the device.
A security expert at Malwarebytes reportedly said to Wired magazine: “You could easily have someone who doesn’t reboot their computer for months. That’s not a good thing.”

Commenting in the same magazine, Andy Greenberg stated that it was unclear how many Mac users could face a security threat because of this.
At the time of going to press, Apple has not commented or responded to enquiries about the recurring bug issue.

On the support page where it provides instructions on how to install the security fix, it is, however, stressed that the patch should be “applied properly”.

Tags

About the author

Chris

I've been a passionate evangelist for Apple and the Macintosh throughout my working life, my first love was a Quadra 605 working with a small creative agency in the south of Norfolk UK in the mid 1990's, I later progressed to other roles in other Macintosh dominated industries, first as a Senior graphic designer at a small printing company and then a production manager at Guardian Media Group. As the publishing and printing sector wained I moved into Internet Marketing and in 2006 co-founded blurtit.com which grew to become one the top 200 visited sites in the US (according to Quantcast), at its peak receiving over 15 million visits per month. For the last ten years I have worked as an Affiliate and Consultant to many different business and start ups, my key skill set being online marketing, on page monetisation, landing page optimisation and traffic generation, if you would like to hire me or discuss your current project please reach out to me here.

You can also follow me on: and

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.