Apple’s macOS High Sierra has a ridiculously simple security flaw that lets anyone log into any Mac

We won’t explain what the actual bug is (we don’t want to make it any easier for potential hackers than this already is, and you can find it on Twitter pretty easily), but someone can log in to a Mac by typing a word in the login field, leaving the password field blank, and attempting to log in several times.

Eventually the system will let you in with full access, according to security researchers.

If you have an Apple computer running the latest version of the company’s software, macOS High Sierra, be warned: It might be possible for someone to quite easily get into your computer without your login credentials.

You can also use this same flaw to access System Preferences on a computer whose settings you don’t have access to. Quartz wasn’t able to recreate the login bug, but was able to edit who has access to a computer in System Preferences on a Mac running macOS High Sierra 10.13.1.

Apple is aware of the bug, and sent Quartz the following statement on how to patch the login flaw for now:

We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.
