The Washington Post
By Hayley Tsukayama
Image courtesy of Apple
Apple issued a patch Wednesday to fix a major flaw that allowed people to gain deep access to computers running its latest operating system without the need for log-in credentials.
Reports of the flaw began circulating Tuesday after security researchers found the vulnerability. The researchers reported it was possible to gain access to a Mac — and its core settings — without having to use its owner’s username and password. Instead, a potential hacker could type “root” into the username field of key settings in the system preferences menu without entering the password.
Practically speaking, a hacker would need either physical access or remote access to a Mac to do damage. Many security researchers said this was a glaring oversight that Apple should have caught, particularly given its reputation for high standards and a reputation (rightfully or not) for better security than PCs.