From bad to worse: Apple’s fix for major MacBook security flaw doesn’t actually work


Earlier this week Apple was forced to hurriedly roll out a new software update for devices running macOS High Sierra following the discovery of a catastrophic security flaw.

Dubbed the Root bug, the security flaw could enable anyone to easily hack into a MacBook, MacBook Pro, MacBook Air, iMac and iMac Pro without the need of a password of any knowledge whatsoever of hacking techniques.

Discovered by a researcher in Turkey named Lemi Ergin, all anyone had to do to exploit the flaw was to type ‘root’ in the username field when attempting to login, leaving the password field empty and hitting enter multiple times.

By doing so, the person would then not only gain access to the device but also have full administrator privileges.

Thai Tech tested the hack on an iMac and can confirm it worked. Scores of people posting on social media, as well as numerous news reports also confirmed the hack.

Apple then quickly rolled out a security update to fix the issues.

In a statement issued earlier this week an Apple spokesperson said:

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole.

“This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

“We greatly regret this error and we apologise to all Mac users, both for releasing with this vulnerability and for the concern it has caused.

“Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

However, it has now been revealed that the new update has brought its own set of problems for Apple users.

Since installing the update, users have reported that the update hasn’t actually fixed the Root security flaw, according reports by Wired and MacRumours.

If you have updated your Mac to High Sierra 10.13.1 you are now urged to reinstall the update to ensure the flaw is properly patched.

You can do this by going to the App Store and clicking on Updates or by downloading it here.


Comments are closed.