If you are a Mac user be aware of an Apple password bug which has just been revealed.
A serious bug within the Apple’s Mac operating system enables users to gain admin access to a Mac machine without a password.
Apple is working to fix the flaw in MacOS High Sierra, the most recent operating version.
A Turkish developer found that by entering the username “root”, leaving the password field blank, and hitting “enter” a few times, he could get unrestricted access to the target machine.
Logging in with root access allows a user to read and write the files of other accounts on the same machine. A superuser could also delete crucial system files, rendering the computer useless – or install malware that typical security software would find hard to detect.
Fortunately, the bug cannot be exploited remotely so the threat only exists if a malicious person has physical access to the machine. However, if remote access has been granted to the computer, to offer tech support for example, then the flaw could be executed using that connection.
What should you do to protect against the Apple password bug?
Until Apple has fixed the bug it has provided a workaround for users who are concerned.
- Set a root password to prevent unauthorised access to your Mac.
- To enable the Root User and set a password, follow the instructions here.
- If a Root User is already enabled, to ensure a blank password is not set, follow the instructions from the ‘Change the root password’ section.”
MacRumors has provided fuller instructions which can be accessed here.
If you are concerned about the security of your Mac but don’t feel confident to change the settings yourself, please give us a call on 01395 207194. Alternatively, don’t let your Mac out of your sight, and be sure to apply the system update when notified.