A security bug in Apple’s new Mac operating system allows anyone to gain full admin control of a computer without needing to enter a password — possibly even remotely.
A security bug in Apple’s new Mac operating system allows anyone to gain full administrator control of a computer without needing to enter a password — possibly even remotely.
Yes, it’s as bad as it sounds.
Related Articles
InfoBlox Santa Clara headquarters bought in $52 million deal that shows Silicon Valley market strength
Consumer tech expert Carolina Milanesi on the hottest gadgets this holiday season
Apple takes down Skype app in China; FCC says net neutrality on the way out
Sell your Tesla stock? Marvell gets in the chips with Cavium deal
Will Apple spar with authorities over unlocking Texas shooter’s iPhone? Thanks to the bug, a user can gain unauthorized access into a Mac running MacOS High Sierra by logging in as “root” for username and clicking on the login button a few times without needing to enter a password. The bug reportedly is not in any other MacOS.
The bug is able to work remotely through third-party software called VNC and Apple-owned Remote Desktop software, according to several accounts on social media.
The bug was discovered Tuesday by Turkish developer Lemi Orhan Ergin, and Apple confirmed the bug in the afternoon. It is unclear if Apple previously knew about the bug.
Apple issued a statement saying it is working on a software update for the bug and linked to a step-by-step instruction page to prevent unauthorized access.
“We are working on a software update to address this issue,” Apple said in the statement. “In the meantime, setting a root password prevents unauthorized access to your Mac… If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
For those who do have High Sierra on their Macs and have experienced this bug, the best course of action is, as Apple says, to create a root password. Here’s how:
Go to System Preferences, then to Users & Groups. Click the lock icon and enter your administrator name and password. Click Login Options, then click Join (or Edit). Click Open Directory Utility, choose the lock icon and re-enter the administrator name and password. In the menu bar in Directory Utility, click Edit and then click Enable Root User. Voila, you can enter your new root password.
It is unclear when Apple will update High Sierra with the patch.
