It just works. That’s the mantra oft repeated by proponents of Apple’s special blend of hardware and software optimisation. But one of the dangers of Apple’s incessant need to make things smaller and more minimalist is that you need dongles. Lots of them. Q from MI5 would be proud. Apple’s drive for constant software updates and hardware releases could be taking a toll, as a major macOS High Sierra security flaw has been discovered.
As far as lapses go, this one is a doozy. If you simply leave the password field blank in the login screen and then hit login several times, the computer just…gives up. I mean, that’s a pretty silly flaw to have in any system, let alone software that’s supposedly hard to crack.
The High Sierra security flaw allows anybody with physical access to your computer to gain administrator rights. And they don’t even need to type in a password to do it. The vulnerability was first revealed on Twitter earlier. Disclosure is always good, but it’s unclear how long Apple’s been aware of the problem.
Apple does maintain its own bug reporting website, though it’s invite-only. Indeed, the flaw is rather simple to replicate. However, it only affects High Sierra itself. Ironically, should you have an older version of macOS, you’re actually immune to this vulnerability. I mean, you could hardly blame customers for wanting to be immune to such a silly security flaw.
Apple has at least stated that it is fixing the problem through a software release. In the meantime, it’s posted instructions on how to counteract the vulnerability. I wonder if that includes buying a Windows computer or dual booting?
The revelation that a macOS High Sierra security flaw could be so elementary will certainly shake the confidence Apple customers have in its products. Or maybe not. Either way, it’s embarrassing to have a rare misstep in a product that relies on an adage that it’s not as vulnerable to such issues. Hopefully, the security flaw gets patched soon.