‘This is really bad’: Snowden blasts Apple’s admin access security flaw

‘This is really bad’: Snowden blasts Apple’s admin access security flaw
NSA whistleblower Edward Snowden has criticized the jaw-dropping security flaw that allows users to log in as an administrator on an Apple Mac operating on High Sierra without even entering a password.

READ MORE: Lawmakers endorse renewing NSA’s most controversial spying powers

The vulnerability, which involves simply entering ‘root’ in the login and leaving the password blank before twice hitting ‘enter’, means that those who take advantage of it can view files and change the passwords of users on the same machine.

For Snowden, the bug is a reflection of just how easy it is to be hacked, and shows exactly why people must be vigilant about resisting government efforts to weaken protections. “This is really bad, but will be fixed,” the whistleblower wrote on Twitter, before adding a warning about government agencies like the FBI pushing for “‘reasonable’ encryption.”

Earlier, Snowden had described the error as being akin to a locked door that lets you in as long as you keep trying the handle. Tech experts believe the flaw leaves computers using the High Sierra operating system open to attacks from malware.

"We always see malware trying to escalate privileges and get root access," Patrick Wardle, a security researcher with US tech firm Synack, told Wired. "This is [the] best, easiest way ever to get root, and Apple has handed it to them on a silver platter."

READ MORE: ‘Humans guilty in most cyber hacks, not computers’ – Britain’s ‘greatest fraudster’ to RT (VIDEO)

Apple responded to the revelations Tuesday by confirming that it is working on an update to remedy the problem in its macOS High Sierra, but until then it has published a step-by-step guide to help users protect their machines.

Meanwhile, it has emerged that the vulnerability was shared on one of Apple’s own developer forums following an enquiry by one user who was unable to log in to their computer as an administrator. The tip was posted on November 13.