Apple Bug Lets Anyone Log into Devices Running MacOS High Sierra
- Author: Joey Payne, Nov 30, 2017, 12:41
Ergin said the infrastructure staff at the company he works for had stumbled across the vulnerability, which allows anyone to log into a Mac without a password.
In the tweet, he said: 'Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra.' Then press enter. Sometimes several presses of enter are required, but the outcome is the same - you are logged into the Mac's "root" account, which has full administrator privileges.
Apple issued a statement saying it is working on a software update for the bug and linked to a step-by-step instruction page to prevent unauthorized access. What you need to do is set a root password.
Root is a superuser account that overrides other admin systems on Unix-based operating systems, including macOS. Press enter. This might throw an error, but try again immediately with the same username, root, and an empty password. While there are obvious concerns about the vulnerability enabling people to access a Mac, people are also anxious about the implications for malware attacks.
Security experts warned that the security hole was both embarrassing for the company and unsafe, allowing anyone with physical access - and in some instances remote access - to a Mac computer to gain full access to user data.
The MacOS flaw was initially disclosed publicly on Twitter by security researchers.
From there, click on either "Users & Groups" or "Accounts".
Ars Technica confirmed the bug on three different Macs, all of which were tested multiple times. Apple has detailed the content of the update over on its Support website.
This also raises questions as to why Apple doesn't seem to read or monitor the content on its developer forums.
No doubt a speedy update from Apple on macOS will aim to address the bug.