Apple’s macOS High Sierra yesterday became a liability to everyone using it. A security-crippling bug was discovered which gives Admin access to anyone. If you’re a Mac user, it might be time to consider switching. And if you’re Tim Cook: shame on you.
First things first: if you, or someone you love, is an Apple user get the help you need by downloading and installing the just-released official security update that should fix the issue here. And please, don’t wait — under certain circumstances people can exploit the vulnerability remotely.
If certain sharing services enabled on target – this attack appears to work 💯 remote 🙈💀☠️ (the login attempt enables/creates the root account with blank pw) Oh Apple 🍎😷🤒🤕 pic.twitter.com/lbhzWZLk4v
— patrick wardle (@patrickwardle) November 28, 2017
An Apple spokesperson told Axios:
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
That’s nice, we all deserve an apology. But the millions of people travelling this time of year, who don’t have access to their systems, remain screwed until the company pushes the update later today.
Yesterday, we said the issue was “embarrassing” for Apple, but this goes far beyond just getting some egg on the company face. We’ve all just spent nearly an entire day in a world where Apple computers aren’t secure — it would take an unimaginable sense of naivete to believe no damage was done.
Sure, bugs are excusable. But rendering an entire global ecosystem of computers unsecured with a mistake which was only found when a Twitter user pointed it out is not.
This isn’t a small potatoes deal, there is real risk to thousands of people – maybe hundreds of thousands or more (we haven’t seen any official numbers on the amount of systems affected yet). Business executives, researchers, government officials, military officers, and countless others use Apple computers.
It’s bad folks. Apple really shit the bed here.
At the time of this writing Apple has just released a security update. And while it’s good there’s a fix – you won’t have to throw out your Macs immediately – there should have never been a problem like this. At a bare minimum a company should not advertise software as secure if it hasn’t been tested for Root access.
And it damn well shouldn’t have taken over 20 hours to release the update. Again, shame on you Tim Cook – no matter who the developers responsible are, this happened on your watch.
No, this isn’t a pile-on to call Cook a bad leader, or a signal for Google and Microsoft fanatics to cheer in triumph. Apple will recover from this. But in an alternate reality where this never happened, you’d be foolish not to believe the company outlook would be better.
Right now, stocks are down. People are pissed off. And if you bought a MacBook and wrapped it with care before placing it under the tree, we suggest keeping the receipt handy.
Nobody is saying the sky is falling for Apple just yet. The problem’s been somewhat resolved. But you should be asking yourself if you’d be willing to install Apple’s next operating system on your company computers or not.