Security flaw allows admin access in new Apple OS
December 11, 2017, 4:42 pm

A major security lapse by Apple in its latest desktop operating system (OS), High Sierra, allows anyone with physical access to a Mac computer running the latest OS to gain system administrator access without so much as entering a password.

Apple confirmed that it is working on a software update to fix the issue and meanwhile published step-by-step instructions to help customers protect their machines.

The vulnerability, which was publicly disclosed on Twitter last week, is alarmingly simple to replicate and bypasses High Sierra’s login screen. Though the flaw does not affect Sierra or earlier versions of Apple's OS, it is present in the current release of High Sierra (macOS 10.13.1).

When the flaw is exploited, the user is authenticated into a ‘System Administrator’ account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine. Apple ID email addresses tied to users on the Mac can be removed and altered as well. There are likely many more ways that someone taking advantage of the issue could wreak havoc on a Mac desktop or laptop.

The level of unbridled access this security hole permits will almost certainly prompt Apple to move fast in releasing an update for its Mac operating system. The company has not yet provided a release timeframe for that update.

Until that happens, the best way to protect your Mac against the issue reported today is by ensuring that you have set a root password. To do that, go to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility > Edit. Enable the Root User if you haven’t already and then choose Change Root Password.
