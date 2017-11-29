'Every baby or child' can exploit critical flaw in Apple's MacOS High Sierra
Computer experts have revealed a critical security hole in Apple’s Macintosh High Sierra operating system, which allows any user to gain full access to a locked computer by simply typing a word into the login window.
Security researchers say typing the word into a Mac’s login screen will immediately bypass its security measures and grant root access to the desktop. The issue leaves any unattended Mac vulnerable to unauthorized access by anyone who is physically present.
Several security experts have already flagged the issue to Apple Support.
Dear @AppleSupport please immediately close the vulnerability in "High Sierra". So many idiots have described exactly how the vulnerability works. Every baby or child then use that gap. pic.twitter.com/o5Z9tW8uz4— Christian Lehnert (@ChrLehnert) November 29, 2017
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
Affected users can protect themselves against the vulnerability by setting a password on the “root” account, Apple said in a statement. The company says it is working on a software update to address the issue.
ALERT: We are aware of an issue with Mac OS High Sierra where a user can log in as root without a password. This can be resolved by setting a root password in the terminal.— CERT NZ (@CERTNZ) November 28, 2017
If you’re not sure how to do this, contact @AppleSupport
