Apple has recently stated that it is in the process of addressing a serious bug found within its latest OS, High Sierra. The bug allows users to access the system and all administrator rights without a password.
The bug was discovered by a Turkish developer named Lemi Ergin. Ergin discovered that he could enter any High Sierra MacOS by simply entering the username “root” and leaving the password field blank. Upon hitting the enter key a few times he would be granted unfettered access into the system.
Apple immediately released a statement saying that it was “working on a software update to address this issue”.
However, the discoverer of the defect has been greeted with an unusual amount of rage. Ergin was accused by many of neglecting to follow the disclosure guidelines created for security professionals. These guidelines instruct all security experts to notify companies of any flaws in their products and allow them a fair amount of time to fix the flaws before going public with the discovery.
While Ergin has remained silent in the face of the accusations, many wonder if he did out Apple just to garner some publicity. There are some, however, who believe that Apple was notified of the discrepancy from the beginning.
When asked if the company was aware of the flaw beforehand, Apple refused to comment. However, a member of Apple’s support forums had posted details of the flaw over two weeks ago, leading the internet community to conclude that Apple chose to neglect the bug until it hit the mainstream media.
Unfortunately for Apple, security experts have opined that the bug is remarkably simple, and have labelled it a “howler”.
As such, Apple’s neglect is likely to affect its own reputation more than Ergin’s.