A major security flaw has been discovered in Apple’s macoS High Sierra. The flaw gives anyone access to your system without a password. The security flaw was discovered by developer Lemi Ergin who posted about the flaw on Twitter.
The security flaw will let anyone log into an admin account on your Mac without the need for a password. This is done by simply setting the username to ‘root’ and then logging in with a blank password field.
Once this feature has been enabled on a Mac, the ‘root’ username can then be used to login to the login screen without the need for a password. A way to stop this on your Mac is to enable the root account on your Mac and then setup a password for it. This will ensure that noone can login without needing to put in a password.
Apple are now aware of the issue and are working on a fix for it, you can see an official statement from them below.
We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
As soon as we get some details on exactly when Apple will be releasing the software update for macOS High Sierra, we will let you guys know.