Apple has now fixed the major macOS High Sierra security flaw
Apple now has a fix
A Turkish software developer has publicly revealed via Twitter that he has uncovered a massive security bug in macOS High Sierra, Apple’s latest operating system.
Update: Apple has now released a fix for this update, so you should implement it immediately. To do this open up the Mac App Store and click on 'Updates'. Select the security update (2017-001) then click 'Update'. You may also want to follow the steps listed below to make sure you have a root account with a password you have set. Apple has also apologised for the security lapse. The apology, something Apple doesn't make a habit of doing, plus the speed of the fix, shows just how serious the security flaw was.
The flaw grants anyone using a Mac machine admin access by just clicking ‘other’ on the login screen and using ‘root’ as the username, no password needed.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?November 28, 2017
In fact, access to the computer can also be achieved using the username ‘root’ via System Preferences where, to change essential settings on locked Mac devices, users would normally need to enter their login details.
This bug seems to present in macOS High Sierra 10.13.1 – the current version – as well as in the macOS 10.13.2 beta, but does not affect older versions of macOS, like Sierra or El Capitan.
This doesn’t bode well for users on the latest release of macOS – leaving a Mac unattended could make anyone system administrator without any authentication, even when accessed remotely, revealing sensitive information.
- How to download and instal macOS 10.13 High Sierra right now
- Already running macOS High Sierra and facing problems? Here’s how you can fix them.
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
While she's happiest with a camera in her hand, Sharmishta's main priority is being TechRadar's APAC Managing Editor, looking after the day-to-day functioning of the Australian, New Zealand and Singapore editions of the site, steering everything from news and reviews to ecommerce content like deals and coupon codes. While she loves reviewing cameras and lenses when she can, she's also an avid reader and has become quite the expert on ereaders and E Ink writing tablets, having appeared on Singaporean radio to talk about these underrated devices. Other than her duties at TechRadar, she's also the Managing Editor of the Australian edition of Digital Camera World, and writes for Tom's Guide and T3.