Apple is reportedly working to fix what has been called a ‘huge’ and ‘unbelievable’ security issue in the latest version of its Mac operating system.
The flaw could means anyone can log in to a computer running MacOS High Sierra without a password via system preferences, using the root user account.
Apple has advised its customers who may be affected to set a password for the device’s root user, which should stop people exploiting the vulnerability.
Apple is reportedly working to fix what has been called a ‘huge’ security issue in the latest version of its Mac operating system. The flaw could means anyone can log in to a computer running MacOS High Sierra without a password using the root user account
Turkish software developer Lemi Orhan Ergin tweeted the tech giant to say he had discovered the bug.
In the tweet, he said: ‘Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra.
‘Anyone can login as ‘root’ with empty password after clicking on login button several times. Are you aware of it @Apple?’
He went on to say: ‘You can access it via System Preferences@Users & Groups@Click the lock to make changes.
‘Then use “root” with no password. And try it for several times. Result is unbelievable!’
Videos posted online show people in the users and groups box typing the username ‘root’ at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.
One Twitter user called Mike Hanley said: ‘This is not the password-less future we all had in mind.’
In a statement, Apple said it was ‘working on a software update to address this issue’.
A spokesman for the company said: ‘We are working on a software update to address this issue.
‘In the meantime, setting a root password prevents unauthorized access to your Mac.
‘To enable the Root User and set a password, please follow the instructions here.
Apple has advised its customers who may be affected to set a password for the device’s root user, which should stop cybercriminals exploiting the vulnerability
Videos posted online show people in the users and groups box typing the username ‘root’ at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine
‘If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the “Change the root password” section.’
To change the root user password, Click on the Apple menu icon, then System Preferences and click Users & Groups (or Accounts).
Click the lock icon, then enter an administrator name and password.
Click Login Options, then click Join, or Edit.
Click on the Open Directory Utility, then click on the lock icon in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility, choose Edit, then Change Root Password.
Enter a root password when prompted.