In an embarrassing moment for Apple, the companyβs customers have found a worrying security flaw in the latest MacOS High Sierra operating system for Mac computers that enables logins without entering a password.
The bug allows users to simply type the username root (without a password) if they want to log into the device. This means anybody can access a Macβs file system, exposing all private documents to the world.
The worst part is that this even works remotely.
Bugs like this are rare occurrences with Apple software. With the previous version of this operating system there were no such issues.
According to Bill Evans, a spokesperson for the company, they were βworking on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac.β
Tests showed that the bug could be used to change all system settings, including storage drive encryption and the deviceβs firewall.
The problem was highlighted on Twitter by Turkish software engineer Lemi Orhan Ergin yesterday.
Until Apple has time to release an update for the operating system with patches to fix the bug, itβs fairly easy to solve the problem by simply setting up a password for the user βrootβ. To do this navigate to System Preferences, choose Users and Group and then click on Login Options on the menuβs left side. Next click Join (adjacent to Account Server) and then Open Directory Utility. Finally, Click Edit in the main menu bar to set up the password.
Edward Snowden, a man who became world famous after leaking vital NSA data to the general public, commented by Tweeting: βImagine a locked door, but if you just keep trying the handle, it says βoh wellβ and lets you in without a key.β
Although an update is likely in the very near future, you can mitigate this issue by enabling root user on your Mac, you can learn how to this here.
Before you go
After spending over 20 years working with Macs, both old and new, theres a tool I think would be useful to every Mac owner who is experiencing performance issues.
CleanMyMac is highest rated all-round cleaning app for the Mac, it can quickly diagnose and solve a whole plethora of common (but sometimes tedious to fix) issues at the click of a button. It also just happens to resolve many of the issues covered in the speed up section of this site, so Download CleanMyMac to get your Mac back up to speed today.
Thanks for the heads up. I did this long ago but will share it.
Chris,
What do you think of the warning for the instructions here? https://support.apple.com/en-gb/HT204012:
βThe root user account is not intended for routine use. Its privileges allow changes to files that are required by your Mac. To undo such changes, you might need to reinstall your system software. You should disable the root user after completing your task. β
Hi Steph, you can enable root user and still log in under your normal account which negates those potential issues.
Hi, Chris,
I just installed the latest security update and hope it fixes the problem, but thanks for your advice.