This week, a major security flaw was found in Apple's MacOS operating system. When lessons can businesses learn from it?
As gaping security holes go, the one recently discovered in MacOS High Sierra was particularly monumental. Uncovered by researcher Lemi Orhan Ergin (who posted it on Twitter, much to Apple’s displeasure), it showed how even the richest, most experienced technology companies in the world can get things frighteningly wrong.
Egin found that by simply entering the word ‘root’ as a username, without a password, before clicking unlock a few times, he could gain access to the operating system with full administrator privileges. That means he could easily unlock a locked Mac running this operating system, before making any changes and installing anything he might feel like.
Two days on, the bug has been fixed. Apple, though perhaps a little red-faced, will barely feel a dent in its reputation (a smaller organisation might have been significantly more damaged).
But the bug fix will only work if users actually install it. Automatic updates will take care of that, if users have them enabled, but not everyone does. Who knows how long it will take for everyone to get up to speed?
What Can We Learn From The MacOS Flaw?
Whatever happens, lessons can be learned for everyone involved.
Apple, for a start, might want to be a bit more on the ball, having missed the fact this flaw was posted on its own developer forum two weeks before it was publicised via Twitter.
Mac users, as well as anyone else who uses a PC, a tablet or smartphone, will be reminded of just how important it is to install updates. As well as cool new features, they often contain security patches, which make software safer to use, protecting you from criminals.
It can be tempting to put off updates, because you feel like you don’t have time to wait for them to install or they don’t seem that important. But the dangers of out-of-date software are very real, and businesses are at just as much risk, if not more, than individuals.
Ultimately, there will always be flaws in software, and cyber criminals will always find ways to exploit them. Fixing these things will always be a reactive process. Nevertheless, the more businesses do to protect themselves against cyber security threats, the less of a target they put on their backs.
Using professional-grade antivirus and firewalls is part of that, of course, but if businesses don’t install updates in a timely fashion, it could potentially be for nothing.