A flaw in the new operating system MacOS High Sierra makes it possible to gain unrestricted entry to a machine without needing the password.
The bug was discovered by Turkish developer Lemi Ergin. He found that by entering the username “root”, leaving the password field blank, and hitting “enter” a few times, he would be granted unrestricted access.
Those with root access can do more than a normal user, such as read and write the files of other accounts on the same machine. A superuser could also delete crucial system files, rendering the computer useless or install malware that typical security software would find hard to detect.
While Apple works on its fix, it offered a workaround for users concerned about the bug.
“Setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Detailed instructions on how to set the root password can be found on MacRumors.
For those not confident enough to change system settings like this, security experts advise simply don’t let your Mac out of your sight.
If you are in any doubt, or think your machine has been compromised, please Contact Us.