Apple has acknowledged a startling security flaw in its macOS High Sierra operating system, which allows anyone to gain administrator access.
The new desktop OS (v10.13.1) enables unauthorised users to login on the Mac’s administrator screen, simply by typing “root” in the username field and clicking login multiple times.
No password is required to exploit the vulnerability, which gives the hacker system administrator privileges that could be used to access sensitive information and commandeer the Mac entirely by altering account information.
After discussion of the issue on Twitter, Apple responded on Tuesday, promising a software fix and offering users step-by-step instructions for a temporary workaround.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
Given the severity of the situation, Mac users would be hoping this will be one of Apple’s faster fixes.
In a statement (via TechCrunch) Apple wrote: “We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.
“If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Related: Best laptops
Apple recommends users can temporarily combat this issue by going to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility > Edit > Enable the Root User > Change Root Password.
Until the proper fix is posted, we’d definitely advise against leaving your Mac open and unattended. Thankfully, the problem doesn’t affect previous versions of macOS.
Can you recall an Apple security flaw as glaring as this? Share your thoughts with us @TrustedReviews on Twitter.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
