Tyler Moffitt, an analyst at security company Webroot, said: “This is a very surprising bug that evaded the quality control on MacOS High Sierra. Apparently, this also works on FileVault in the MacOS which makes this bug quite devastating.”
The “root” account is a privileged user with more access to areas of the system and should have been disabled by default.
Apple has published a step-by-step guide to resetting the “root” account password on its support forum.
It said those who wish to change it can access the account details under the System Preferences menu on their Apple computer.
Orhan, a software developer and coach, has faced criticism for his public disclosure, which has since been retweeted hundreds of thousands of times.
Typically, developers who spot flaws will alert a company before allowing a period of time to fix the problem before going public. This stops criminals exploiting security holes. Apple has its own dedicated bug bounty programme where white hack hackers can submit glitches directly.
It appears that only those who updated to the latest operating system are affected.
Article Appeared @http://www.telegraph.co.uk/technology/2017/11/29/apple-security-flaw-anyone-log-mac-computers-without-password/