'It's crazy these kinds of bugs keep blowing up. Maybe this is something that will encourage them to go down that path,' Wardle says. Apple does have a bug bounty, but only for iOS, not MacOS. Wardle argues that those flaws might have been caught earlier if Apple offered a 'bug bounty' for information about security vulnerabilities in its desktop software, just as most other companies do. And another shocking bug showed the user's password as a password hint when they try to unlock an encrypted partition on their machine known as an APFS container. On the day the operating system launched, Wardle found that malicious code running on the operating system could steal the contents of its keychain without a password. The face-palm worthy bug is only the latest in a disturbing series that have plagued High Sierra. And I saw the security issue with my eyes. 'They informed me and tried on my machine too. High Sierra's 'root' bug was first revealed by Turkish software developer Lemi Orhan Ergin, who says security staff at his company stumbled on the issue while trying to help a user get back into their account. 'This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter.'
