A glaring security flaw built into the latest version of Apple’s desktop operating system has made it possible for anyone to log into any computer running macOS High Sierra. The vulnerability was revealed midday Tuesday.
According to a post on Twitter by Lemi Orhan Ergin (and since confirmed by Fortune), Apple computers can be logged into using the “root” username accompanied by a blank no password. The bug may not work the first time the user clicks “unlock” but upon subsequent attempts the system will accept the login credentials.
Apple responded to Ergin’s tweet an hour after he made his post. In a statement to Fortune, an Apple spokesperson said the company was working on a software update to address this issue. In the meantime it recommends that affected users set a root password to prevent unauthorized access to their Macs:
MacOS’s Root User is system administrator or “superuser” account intended for making changes to files that are typically protected by Apple’s operating system. Most users have not enabled the root user account, one reason that makes this flaw all the more troubling. Thankfully a simple change of password should resolve the issue.