San Francisco: Apple Inc said on Wednesday it would review its software development process a day after a researcher discovered a bug in a new version of its Mac operating system that could give hackers total control of vulnerable machines.
Apple said it released a patch to fix the bug on Wednesday morning and it would be automatically installed on vulnerable machines later in the day.
“We greatly regret this error and we apologise to all Mac users,” Apple said in a statement. “Our customers deserve better. We are auditing our development processes to help prevent this from happening again.” To exploit the bug, a hacker would need to have physical access to a vulnerable Mac when a user is logged on to the computer. The attacker would then need to change settings on the computer to establish a “root” account, which they could later access.
Root accounts give users complete control over a machine.
The US and German governments issued alerts advising Mac users to install the patch.
Apple said its security engineers learnt of the problem on Tuesday afternoon and posted the patch within 24 hours.
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS,” Apple said in its statement.
Apple stock was down 2.6 per cent at $168.55 (Dh618.52) on Wednesday during a broad sell-off in tech stocks.
The behaviour in the Mac operating system that led to the bug’s discovery was described by developers on an Apple forum as early as November 13 as a workaround for problem accessing administrator accounts.
Factbox: TRA urges Apple Mac users to upgrade OS
The Telecommunications Regulatory Authority of the UAE (TRA) has urged “Apple Mac” users to update their devices’ operating system after Apple released a new update for MacOS system which addresses a serious bug that allows unauthorised access and control without need to have a password.
The error was identified on Apple’s latest operating system — macOS High Sierra. Users found that typing “Root” in as a username and leaving the password blank would grant access to locked Mac computers.