Apple Bug Lets Anyone Log into Devices Running MacOS High Sierra

For now, the best you can do to protect your Mac is to set a root password, you can view the necessary steps here.

Ergin said the infrastructure staff at the company he works for had stumbled across the vulnerability, which allows anyone to log into a Mac without a password.

In the tweet, he said: 'Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Then press enter. Sometimes several presses of enter are required, but the outcome is the same - you are logged into the Mac's "root" account, which has full administrator privilege.

Apple issued a statement saying it is working on a software update for the bug and linked to a step-by-step instruction page to prevent unauthorized access. What you need to do is set a root password.

Root is a superuser which overrides other admin systems on Unix-based operating system, including macOS. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. While there are obvious concerns about the vulnerability enabling people to access a Mac, people are also anxious about the implications for malware attacks.

Security experts warned that the security hole was both embarrassing for the company and unsafe, allowing anyone with physical access - and in some instances remote access - to a Mac computer to gain full access to user data.

The MacOS flaw was initially disclosed by security researchers publicly on Twitter.

From there, click on either "Users & Groups" or "Accounts".

Yet despite this, Apple has enjoyed a good security reputation for many years, although flaws, bugs and vulnerabilities are increasingly being discovered and patched.

Ars Technica confirmed the bug on three different Macs, all of which were tested multiple times. Apple has detailed the content of the update over on its Support website.

This also leads to questions as to why Apple doesn't seem to read or monitor the content on its developers forums.

No doubt a speedy update from Apple on macOS will aim to address the bug.

  • Joey Payne