large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

This Apple macOS High Sierra security flaw is as bad as you’ll ever see

Apple has acknowledged a startling security flaw in its macOS High Sierra operating system, which allows anyone to gain administrator access.

The new desktop OS (v10.13.1) enables unauthorised users to login on the Mac’s administrator screen, simply by typing “root” in the username field and clicking login multiple times.

No password is required to exploit the vulnerability, which gives the hacker system administrator privileges that could be used to access sensitive information and commandeer the Mac entirely by altering account information.

After discussion of the issue on Twitter, Apple responded on Tuesday, promising a software fix and offering users step-by-step instructions for a temporary workaround.

Given the severity of the situation, Mac users would be hoping this will be one of Apple’s faster fixes.

In a statement (via TechCrunch) Apple wrote: “We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.

“If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Related: Best laptops

Apple recommends users can temporarily combat this issue by going to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility > Edit > Enable the Root User > Change Root Password.

Until the proper fix is posted, we’d definitely advise against leaving your Mac open and unattended. Thankfully, the problem doesn’t affect previous versions of macOS.

Can you recall an Apple security flaw as glaring as this? Share your thoughts with us @TrustedReviews on Twitter.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.