Root Problems and Black Eyes

Yesterday we got news that there was a serious flaw in macOS security that allowed villains to get full access to your Mac without a password, with the ability to change personal files without needing any admin credentials.

There are security holes and then there are security holes. This one was about as big as they get. It required physical access but other than that, all bets were basically off. It reminded me of that bug a few years ago at Dropbox where they accidentally made passwords optional. 

I’m using past tense here because today Apple released a patch. I’m guessing right now a few Apple engineers who were up all night are heading home to get some sleep. Not only can you install the update manually, Apple is pushing this update out on all currently updated Macs regardless of whether their owners go push the button. That should give you an idea of exactly how bad this bug was.

I’m happy that Apple fixed this bug as quickly as they did but the fact that it existed at all is pretty terrible. It’s the kind of thing that casts doubt over the entire operating system. This is definitely a black eye for macOS.

* Correction – Apparently this exploit did not require physical access. It could also be pulled off with remote access. Ugh.