Internet & Security

macOS High Sierra | This update brings back the vulnerability?

The mac OS macOS high Sierra brings more speed, innovations for gamers, and modern video format support, but does it contain a massive leak that makes the Apple iOS vulnerable again?

It has recently come to light that Apple’s current operating system for Mac computers (macOS High Sierra) can override password protection. A computer expert told us on November 30, 2017 via email that anyone with a so-called root account, that is a user account with special administrative power, is able to log into the computer and perform system changes. For this purpose, it is sufficient for computers with the macOS system High Sierra to select the username “root”, not to enter a password and to repeatedly press the log-in button. Apple reacted immediately and released an update to make the leak fixed. But now a recent update might have brought this vulnerability back.

System Update Ruptures Leak
As I reported earlier, the problem with the root leak for Apple has not yet settled. According to some Mac users, they complained that when upgrading from macOS High Sierra 10.13.0 to version 10.13.1, the previous security update is undermined and this makes the system vulnerable again. If you are one of those who first installed the patch and only then upgraded to macOS High Sierra 10.13.1, we recommend a reboot first. Only then the security update can be found again in the App Store. After that, another restart is necessary to close the leak – hopefully – once and for all.

Install the 2017-001 security update as soon as possible!
“Install this update as soon as possible,” the company emphasizes in the release notes for the security update 2017-001 in Mac App Store. The update improves, according to Apple, the protection of macsOS; more details, however, the company has not shared.

Once the update has been downloaded and installed, Apple’s previously recommended interim solution is no longer necessary. So the company had previously recommended to set a password for the root account. This access can be used to change system settings and deactivate protective firewalls, for example. An error of this kind is particularly unpleasant for Apple, because Apple specifically advertises the privacy and security on its devices as Flawless and of high standard. At first, it was unclear how the vulnerability had come about in public.

Root trick works only by key
Make sure to check your computer after the update. This is very easy to test; simply create a new user as a test-user account. If you want to create a user via the system settings, i.e. you want to share this protected system setting, click on the small lock in the lower left corner. A window will appear asking for username and password. If you type in “root” as the user name and then click on “Unprotect” without entering a password, you will not be able to gain root access to the computer. On the other hand, if you press the Enter key, you will get access as root and will be able to change all system settings and create new users. This should no longer be possible after the update.

Shortly after the release of iOS 11, Apple pushed, on September 25, 2017, a new version of its operating system for desktop computers and notebooks. Above all, the group promised more reliability, performance, and speed of work.

New file system: APFS is mandatory for SSD computers
Anyone who has an Apple computer with an SSD hard drive, forced to move to High Sierra (version 10.13) on the new “Apple File System” (APFS) – according to a support document from Apple. In addition, APFS formatted volumes are read only by High-Sierra and Sierra Macs. Users with a Fusion Drive will probably be spared the forced change. For Apple’s iOS mobile operating system, APFS has been mandatory for a while; even the latest smartphones iPhone X, iPhone 8, and iPhone 8 Plus are equipped with it.

Current file system is three-decade old
It’s been 30 years since Apple introduced its HFS Mac file format “Hierarchical File System.” Meanwhile, the demand for new file systems have increased significantly. Files are now huge and the daily amount of data has exploded to new heights. The solution? =APFS
Thanks to 64-bit programming, it should handle large amounts of data better and be optimized for speed, and crash safety. In a demonstration, Apple showed that some actions can be extremely accelerated. So copying several files, which took several minutes under macOS Sierra, happened in a matter of seconds under macOS High Sierra.

More power for gamers
macOS High Sierra comes with the new graphics interface Metal 2. It is said to work up to ten times faster for individual operations (such as draw call throughputs) and to make more use of the power of new graphics cards and GPUs. Apple itself uses the Metal 2 interface in macOS High Sierra for its new window manager. With it, the opening, moving, and overlaying windows in the operating system should work more fluid than ever. Good for power users who do not have the built-in graphics of MacBooks. Apple also offers an adapted version of Metal 2 for external graphics cards (eGPUs,) which are connected via Thunderbolt 3. A special kit with AMD Radeon RX580 and USB-C hub is available for developers.

Is Apple joining VR?
Exciting: Apple offers its own graphic interface for Virtual Reality (VR.) Is this the secretive entry into virtual reality, which the manufacturer has so neglected so far? In addition, the Safari browser gets a small upgrade. It should be much faster in future and on request block the automatic playback of videos. Smaller improvements are probably synonymous for iCloud, FaceTime, news, and notes.

macOS High Sierra stores videos with up to 40 percent less storage space, since the new 4K codec “H.265” (or “HEVC”) is installed.

About the author

Adil Khan

Adil Khan

Adil Khan is a 30 years old Nerd who has been playing with his toys, computers and electronics, since the late 90's. His passion lies in the digital world of 1's and 0's i.e. until quantum computers are available for purchase :)

Add Comment

Click here to post a comment