Major security flaw discovered in Apple software

In an embarrassing moment for Apple, the company’s customers have found a worrying security flaw in the latest macOS High Sierra operating system for Mac computers that enables logins without entering a password.

The bug allows users to simply type the username root (without a password) if they want to log into the device. This means anybody can access a Mac’s file system, exposing all private documents to the world.

The worst part is that this even works remotely.

Bugs like this are rare occurrences with Apple software. With the previous version of this operating system there were no such issues.

According to Bill Evans, a spokesperson for the company, they were “working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac.”

Tests showed that the bug could be used to change all system settings, including storage drive encryption and the device’s firewall.

The problem was highlighted on Twitter by Turkish software engineer Lemi Orhan Ergin yesterday.

Until Apple has time to release an update for the operating system with patches to fix the bug, it’s fairly easy to solve the problem by simply setting up a password for the user ‘root’. To do this, navigate to System Preferences, choose Users & Groups and then click on Login Options on the menu’s left side. Next, click Join (adjacent to Account Server) and then Open Directory Utility. Finally, click Edit in the main menu bar to set up the password.

Edward Snowden, a man who became world famous after leaking vital NSA data to the general public, commented by tweeting: “Imagine a locked door, but if you just keep trying the handle, it says ‘oh well’ and lets you in without a key.”

Although an update is likely in the very near future, you can mitigate this issue by enabling the root user on your Mac; you can learn how to do this here.

