Update: Apple has now released a security update for macOS High Sierra that should close the loophole. You can see the security update and download it here.
A “devastating” flaw has been discovered in Apple’s macOS High Sierra operating system that allows anyone to log into your MacBook or iMac and gain administrator access without knowing the password.
The bug, discovered by Turkish developer Lemi Ergin, involves simply entering the word “root” into the username field on the login screen and leaving the password field blank.
Ergin then found that if you pressed “Enter” a number of times it would automatically log you in giving you completely unrestricted access to the machine as well as administrator privileges.
This flaw only works if you have physical access to the device or machine, it will not work remotely.
According to security experts the flaw only affects machines that are running the latest version of Apple’s operating system called High Sierra.
If you are running Sierra then this does not affect your machine and the advice is to almost certainly not update your MacBook or iMac until Apple issues an update.
Tyler Moffitt, Senior Threat Research Analyst at Webroot described the bug as “devastating” but was relieved to learn that, “as of right now, there is not any mention of malware that leverages this security flaw.”
In a statement to HuffPost UK an Apple spokesperson said: “We are working on a software update to address this issue.”
Apple has also provided a temporary fix until the software has been updated:
“In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Apple unveiled its new operating system back in June as a minor cosmetic update but one that contained some pretty major changes to the way that Macs and MacBooks operate.
This included a new video language that would make files smaller yet still retain their original quality.
Other updates included graphics improvements and the ability for iMacs to start supporting virtual reality headsets like HTC’s Vive.