A flaw has been found on Apple’s Mac operating system for MacBook and iMac, allowing anyone to log in to a locked computer without a password.
The major issue is found in macOS High Sierra, the latest OS for Mac computers.
The flaw, discovered by developer Lemi Orhan Ergin and his colleagues, affects macOS High Sierra. It was publicly shared by Ergin, who posted his concern and included @Apple and @AppleSupport in his post.
“Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra,” he wrote. “Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?”
To exploit the vulnerability, someone with access to the computer can type “root” and no password in the Users & Groups section of System Preferences.
This gives root access to the computer — meaning a person could operate the device as if they were an administrator and could download malicious software or otherwise compromise the computer.
Apple has released a statement saying that it is working on a solution, which will be available as a software update, and is advising Mac users to manually set a password for the Root User login.
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac,” an Apple spokesperson said in a statement. You can follow the instructions here.
“If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section,” Apple said.
People across the web have been able to duplicate this bug.
The flaw requires physical access for most people, but could work remotely if the user has Remote Desktop enabled. It’s a good idea, as always, to keep your machine in your own possession.