Recently, my favorite tech company has been in the news for some very significant security gaps in their applications. Apple has long been branded as very secure software. Frequently, people will say they just don't get a virus. However, there was a security gap that impacted the Macs, which were using their latest software - High Sierra.
This vulnerability allowed root access to any machine running this software. Various sites such as "The Verge" indicate using root to access these machines allow elevated privileges on the machine. It could be used to change Apple ID emails as well as user passwords.
The gap presented a huge dent in Apple's reputation on security. Part of it was the way it was announced- the person who discovered the vulnerability publicly disclosed it on twitter. Interesting enough, Apple has a bug detection program in which they pay for any gaps in their software.
Even more recently, a new vulnerability was discovered in Apple's Home Kit. This vulnerability allowed unauthorized control of accessories connected to HomeKit. 9to5 Mac reports this particular gap has been reported to Apple and was partially fixed in previous iOS and WatchOS updates. Additionally, Apple is expecting to remediate the rest with the next update to iOS.
My big concern is Apple thoroughly testing their software for security vulnerabilities. While a lot of vulnerabilities won't be discovered in the initial development phase, given the significance and scope of these gaps, one would think they aren't testing for security. However, Apple's response to handling this situation has been adequate but they can't continue to have many of these incidents.
References:
Dillet, R. (2017, November 29). Apple releases a macOS security update to fix huge login security flaw. Retrieved December 10, 2017, from https://techcrunch.com/2017/11/29/apple-releases-a-macos-security-update-to-fix-huge-login-security-flaw/
Coldewey, D. (2017, November 28). Huge security flaw lets anyone log into a High Sierra Mac. Retrieved December 10, 2017, from https://techcrunch.com/2017/11/28/astonishing-os-x-bug-lets-anyone-log-into-a-high-sierra-machine/
Welch, C. (2017, November 28). Major Apple security flaw grants admin access on macOS High Sierra without password. Retrieved December 10, 2017, from https://www.theverge.com/2017/11/28/16711782/apple-macos-high-sierra-critical-password-security-flaw
Hall, Z., & Zac Hall @apollozac Zac covers Apple news and product reviews for 9to5Mac and hosts the weekly 9to5Mac Happy Hour podcast. (2017, December 07). Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out. Retrieved December 10, 2017, from https://9to5mac.com/2017/12/07/homekit-vulnerability/
Comments