The glitch in MacOS High Sierra – the most up-to-date version of Apple’s operating system – allows easy access to a computer as well as privileged administration rights.
Until it is fixed, anybody with physical access to a laptop or desktop could access, change or wipe personal files on the system without needing any login credentials.
In extreme cases, someone could install malicious software without the owner knowing, including keystroke logging software to capture personal information.
Apple said it was working on a fix, and has published a guide on how to fix it. “We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorised access to your Mac,” it said
Security experts described the bug as “huge” and potentially “very surprising”. “
Turkish developer Lemi Orhan, who discovered the glitch, revealed that the Mac log-in screen can be cracked simply by entering the word “root” as a username and hitting enter twice, without having to enter a password.
Orhan alerted Apple of the issue on Twitter yesterday evening. He wrote: “Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?”