Apple to audit development processes after Mac bug

Apple has pledged to review its software development process a day after a researcher discovered a bug in a new version of its Mac operating system that could give hackers total control of vulnerable machines.

Apple said it released a patch to fix the bug on Wednesday morning and it would be automatically installed on vulnerable machines later in the day.

‘We greatly regret this error and we apologize to all Mac users,’ Apple said in a statement. 

HOW TO FIX IT 

In order to install the latest update, open the Mac App Store and click on the ‘Updates’ tab.

In a release note attached to the update, an Apple spokesman said: ‘Install this update as soon as possible. 

‘Apple has worked hard to fix yesterday’s flaw as soon as possible. 

‘But it shouldn’t have happened in the first place.’

Alternatively, macOS customers can use a temporary workaround by changing the root user password manually.

‘Our customers deserve better. We are auditing our development processes to help prevent this from happening again.’

To exploit the bug, a hacker would need to have physical access to a vulnerable Mac when a user is logged on to the computer. 

The attacker would then need to change settings on the computer to establish a ‘root’ account, which they could later access.

Root accounts give users complete control over a machine.

The U.S. and German governments issued alerts advising Mac users to install the patch.

Apple said its security engineers learned of the problem on Tuesday afternoon and posted the patch within 24 hours.

‘Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS,’ Apple said in its statement.

Apple stock was down 2.6 percent at $168.55 on Wednesday during a broad selloff in tech stocks.

The behavior in the Mac operating system that led to the bug’s discovery was described by developers on an Apple forum as early as Nov. 13 as a workaround for a problem accessing administrator accounts.

Apple previously advised its customers who may be affected to set a password for the device’s root user, which should stop people exploiting the vulnerability. 

Turkish software developer Lemi Orhan Ergin tweeted the tech giant to say he had discovered the bug.

In the tweet, he said: ‘Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. 

‘Anyone can login as ‘root’ with empty password after clicking on login button several times. Are you aware of it @Apple?’

He went on to say: ‘You can access it via System Preferences > Users & Groups > Click the lock to make changes.

‘Then use “root” with no password. And try it for several times. Result is unbelievable!’

Videos posted online show people in the users and groups box typing the username ‘root’ at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.

One Twitter user called Mike Hanley said: ‘This is not the password-less future we all had in mind.’


