The Daily Swig Web security digest

‘If you learn one thing in security, it’s humility’

James Walker | 01 December 2017 at 16:20

Top infosec trends in the social media spotlight this week…

The Apple support team is unlikely to look back on this past week with particular fondness, after Turkish developer Lemi Ergin spread word of a vulnerability in the company’s latest operating system that grants Mac administrator access without the need for a password:

It was found that anyone with physical access to a Mac machine running High Sierra can gain administrator access by simply typing ‘root’ as a username on the login screen or via System Preferences and leaving the password field empty.

While the issue has since been patched, Ergin’s decision to disclose the glitch via Twitter split the tech community down the middle.

Unfortunately for Apple, it seems the root access patch comes with its own bug – one that prevents users from accessing shared files between two Mac devices on the same network.

Microsoft was also in the spotlight this week, as one infosec researcher took a closer look at the recently disclosed kernel vulnerability in Windows 10.

Elsewhere, the dust is far from settling on Uber’s recent announcement that an October 2016 hack resulted in the personal details of more than 57 million account holders being compromised.

The ride-hailing firm this week told the Information Commissioner’s Office that 2.7 million Brits had been affected by the data breach. The outpour on social media was perhaps to be expected.

Finally, Yahoo received extensive coverage this week, after 22-year-old Canadian national Karim Baratov pleaded guilty to charges related to his role in a 2014 hack against the company, which resulted in 500 million email accounts being compromised.

Baratov waived extradition from Canada and is being detained in California without bail. His sentencing hearing is scheduled to take place in San Francisco on February 20, 2018.