Apple has acknowledged a startling security flaw in its macOS High Sierra operating system, which allows anyone to gain administrator access.
The new desktop OS (v10.13.1) enables unauthorised users to login on the Mac’s administrator screen, simply by typing “root” in the username field and clicking login multiple times.
No password is required to exploit the vulnerability, which gives the hacker system administrator privileges that could be used to access sensitive information and commandeer the Mac entirely by altering account information.
After discussion of the issue on Twitter, Apple responded on Tuesday, promising a software fix and offering users step-by-step instructions for a temporary workaround.
Given the severity of the situation, Mac users would be hoping this will be one of Apple’s faster fixes.
In a statement (via TechCrunch) Apple wrote: “We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.
“If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Related: Best laptops
Apple recommends users can temporarily combat this issue by going to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility > Edit > Enable the Root User > Change Root Password.
Until the proper fix is posted, we’d definitely advise against leaving your Mac open and unattended. Thankfully, the problem doesn’t affect previous versions of macOS.
Can you recall an Apple security flaw as glaring as this? Share your thoughts with us @TrustedReviews on Twitter.