Apple’s MacOS High Sierra has a major security bug, and here is how to fix it

A security bug in Apple’s new Mac operating system allows anyone to gain full admin control of a computer without needing to enter a password — possibly even remotely.

Yes, it’s as bad as it sounds.

Thanks to the bug, a user can gain unauthorized access into a Mac running MacOS High Sierra by logging in as “root” for username and clicking on the login button a few times without needing to enter a password. The bug is reportedly not in any other MacOS.

The bug is able to work remotely through third-party software called VNC and Apple-owned Remote Desktop software, according to several accounts on social media.

The bug was discovered Tuesday by Turkish developer Lemi Orhan Ergin, and Apple confirmed the bug in the afternoon. It is unclear if Apple previously knew about the bug.

Apple issued a statement saying it is working on a software update for the bug and linked to a step-by-step instruction page to prevent unauthorized access.

“We are working on a software update to address this issue,” said Apple in a statement. “In the meantime, setting a root password prevents unauthorized access to your Mac…If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

For those who do have High Sierra on their Mac and have experienced this bug, the best course of action is, as Apple says, to create a root password. Here’s how:

Go to System Preferences, then to Users & Groups. Click the lock icon and enter your administrator name and password. Click Login Options, then click Join (or Edit). Click Open Directory Utility, choose the lock icon and re-enter the administrator name and password. In the menu bar in Directory Utility, click Edit then Enable Root User. Voila, you can enter your new root password.

It is unclear when Apple will update High Sierra with the patch.

Photo: Members of the media photograph the new Apple MacBook Pro laptop during a product launch event on Oct. 27, 2016 in Cupertino. (Stephen Lam/Getty Images)


Tags: , , ,


Share this Post