Science & Technology



Bangalore man discovered Apple's major security bug two weeks before anyone else

Seung Lee, The Mercury News on

Published in Science & Technology News

Chethan Kamath is a former patent attorney in Bangalore, India, who is learning to code during what he calls his midlife crisis.

But for some Apple fans from around the world, he's now something of a cult hero.

On Nov. 13, two weeks before anyone knew who he was, Kamath posted on Apple's developers forum on what he thought was a helpful solution to restore administrator access in a Macbook with the new High Sierra operating system. Kamath found a solution -- he said he read it on a forum he can't remember -- of typing in "root" in the "Users & Groups" preferences login page with no password to acquire near-instant administrative access.

"It was late in the night, it was pure frustration, and I tried it out and bam, it worked," said Kamath, who in Apple forums went by his username chethan177. He said in a videoconference interview that he sincerely thought this "root" access was a High Sierra feature.

(The original forum thread now appears to be locked, needing an Apple ID and password to view.)

He did not know it was a security bug of major proportions for all Mac owners with High Sierra.


Turkish developer Lemi Orhan Ergin posted the issue on Twitter -- five days after his staff privately alerted Apple, according to his blog post. The issue blew up in a matter of hours, and Apple scrambled to release a security fix in less than 24 hours with a rare apology.

"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS," Apple said in a statement.

Meanwhile on social media, Apple fans began talking about who this chethan177 was and how he discovered the bug two weeks before anyone else.

On Reddit, people began speculating who chethan177 might be.


swipe to next page


blog comments powered by Disqus