Apple Mac Software Has Login Flaw That Puts Data at Risk

MacOS High Sierra login bug

Effectively, this issue renders any system running macOS High Sierra completely unsecured - as it doesn't just unlock the device, it gives Admin access.

"A password prompt that authenticates as root with an empty password would be a black eye for any OS". A recently uncovered bug appears to allow anyone to login as an administrator merely by entering the username "root" and no password. And there's no security check, according to developer Lemi Ergin, who spotted the bug. You can check your version of macOS by clicking on the Apple logo in the upper lefthand corner of your screen and clicking "About this Mac".

By heading to your device's System Preferences, under Users & Groups, you can click on the lock and get hit with a prompt asking for a username and password to change settings.

Ben Johnson, the chief technology officer of Obsidian Security and a former U.S. National Security Agency computer scientist, described the flaw to IBT as "a hacker's dream". That said, this isn't good for macOS users and it looks bad for Apple. Click the lock to make changes and enter the administrator name and password.

In the dialog that pops up, click on open directory utility, and from the tool's menubar, select the edit item, and then change root password.

IBT reached out to Apple for comment regarding the discovery of the security vulnerability but did not receive a response at the time of publication. Some users have reported triggering the exploit from the login screen, but we could only consistently recreate the issue from System Preferences. Go to Apple's support page here for more information about how that works. So, keep the account enabled and set a root password right now.

Related news: