Incident Of The Week: ‘We Stumbled’ On Root Access, Apple Says

Dan Gunderman
12/01/2017

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a potentially damaging vulnerability that was built into Apple’s Mac systems. The flaw, revealed by software engineer Lemi Orhan Ergin via Twitter this week, affected Apple’s macOS High Sierra platform (at least version 10.13.1 — 17B48).

Although Apple pushed out a patch for the vulnerability – and later rolled out the fix automatically – security researchers are warning users to stay alert, and the search for compromised machines is on.

The sizable flaw in macOS allowed password-less logins to root accounts, according to Dark Reading.

Apple says it regrets the Mac error and has apologized to its users both for the vulnerability itself and for the concern it has caused.

Here’s how the vulnerability may have been exploited: Someone with physical access to the machine could have hijacked it by logging in as “root” and leaving the password field blank in a System Preferences unlock screen.

For the enterprise, this was particularly worrisome, as those who step away from their machines, even momentarily, could have become susceptible to an insider attack. Physical access to computers remains a prime concern in the cyber security space.


John Bambenek, threat research manager at Fidelis Cyber Security, underscored the significance of this flaw by saying that with unattended machines, insiders could have enabled local administrator accounts and bypassed the endpoint’s access controls.

Another side effect of the flaw was an uptick in laptop theft – presumably as a way for cyber thieves to acquire a larger army. In theory, once machines were compromised – though there have been no accounts of this in the “wild” – phishing campaigns could have dispersed more malicious material to other laptops and devices. These phishing campaigns could have been stationed in email inboxes or hosted on the web.

Reports indicate that the vulnerability bubbled to the surface because the operating system didn’t handle a certain error condition properly.

Although a patch has been deployed, the janitorial process is underway: cleaning up the machines and ensuring exploits have been kept to a minimum.

Identity and access management (IAM) poses a challenge to the IT professional. In this case, it could have been the basis for a wider phishing and malware campaign. Once granted entry to these Mac devices, hackers may have accessed emails, personal data and other material.


According to TechCrunch, the flaw was replicated and also worked for screen-sharing sessions.

In its patch release, Apple wrote, “Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password. Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.”
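A hypothetical model of the class of bug described above, added here as an illustration and not Apple's code: a credential check that mishandles an error condition (an account with no stored password) and lets a blank password through, next to a fail-closed version and a regression check for blank-password logins. The account store, function names and the use of PBKDF2 are assumptions made for the example.

```python
import hashlib
import hmac
import os

class NoCredentialError(Exception):
    """Account exists but has no stored password verifier (e.g. disabled)."""

def make_verifier(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

# Constructed account store: "root" exists but is disabled, so it has no verifier.
STORE = {"alice": make_verifier("correct horse"), "root": None}

def check(user, password):
    entry = STORE[user]                      # KeyError for an unknown user
    if entry is None:
        raise NoCredentialError(user)
    salt, digest = entry
    return hmac.compare_digest(make_verifier(password, salt)[1], digest)

def verify_fail_open(user, password):
    """Flawed: the error path is treated as 'nothing left to check'."""
    try:
        return check(user, password)
    except NoCredentialError:
        return True                          # logic error: error becomes success

def verify_fail_closed(user, password):
    """Hardened: any failure to validate is a denial."""
    try:
        return check(user, password)
    except (NoCredentialError, KeyError):
        return False

def accounts_accepting_blank(verify):
    """Regression check: which accounts log in with an empty password?"""
    return sorted(u for u in STORE if verify(u, ""))

if __name__ == "__main__":
    print("fail-open  :", accounts_accepting_blank(verify_fail_open))
    print("fail-closed:", accounts_accepting_blank(verify_fail_closed))
```

Running a check like `accounts_accepting_blank` against every authentication entry point in a test suite catches this class of regression before release.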

In further addressing the issue, Apple wrote, “Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning (Wednesday), as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”


Have tips on other buzzworthy incidents? Share them with Associate Editor Dan Gunderman by emailing dan.gunderman@cshub.com.

