Share post:

One Bad Apple Ruins The Bunch

By: Kathleen King Category: Blog Posted: December 01, 2017

If you have been paying attention to your favorite technology news aggregator lately, you will undoubtedly have seen the fervor over the recent macOS High Sierra security debacle. Security issues are always a big talking point in the tech world, but this one is particularly mentionable because an attempt to fix it has put an undue burden on the average user.

In September, macOS released High Sierra. On Tuesday, a team of security researchers discovered that by logging in with a username of ‘root’ and an empty password field, a hacker could access a Mac and the core settings. Now, this does require the hacker to have direct access to the laptop, but it is a rather large oversight on Apple’s part.

 

 

By gaining ‘root’ access to a device, a hacker can install malicious content, steal personal information, or take control of a device. The ‘root’ user is a commonly used name for a superuser, which is a user granted all access and permissions on a device. Programmers commonly use this level of permissions when developing and designing a software. This security flaw is likely a carryover from some development work that was forgotten in the cleanup.

Apple quickly pushed out a patch to fix the issue and released a statement on Wednesday morning saying, “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS. When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.” (Washington Post)

 

 

However, it was later discovered that this patch can break file sharing or authenticating. The fix required users to open a terminal, enter “sudo /usr/libexec/configureLocalKDC”, and enter their admin password. Though this is an easy task for most developers, it can be confusing and scary for the average user. Many reached out to Apple to voice their complaints via Twitter.

 

 

At FreeSWITCH we know what it is like to deal with bugs and reporting. We strive to keep our community updated when we encounter important issues. You can learn more about how we deal with bugs by joining our mailing list, subscribing to our YouTube channel, and following us on Facebook and Twitter

Get The FreeSWITCH Advantage™ FreeSWITCH Commercial Support can keep you on track for your business goals

Get the Books! Save 50% with the case sensitive code FreeSwitch50

Current version

1.6.19

Development: 1.9.0

License: MPL 1.1

Help us better
FreeSWITCH