Critical Security Flaw Discovered In macOS High Sierra




A major security flaw has been discovered in Apple's macOS High Sierra that gives any body access to the system without the need of a password.

According to developer Lemi Ergin who discovered the flaw and posted it on Twitter, the flaw allows access to a system running macOS High Sierra without the need for a password. 

 The developer explained that once the user name has been set to 'root', anyone can login with a blank password (the password field would be left blank). However, he went on to explain how to stop this.


Mac users can disable this flaw is to enable the root account on your Mac and then setup a password for it. When this is done, no one would be able to login without the need to password.

Apple has made an official statement and has admitted that they are aware of the issue and are working on a fix for it

"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable this the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section," an official statement from Apple read.

UPDATE: Apple has rolled out a patch to fix the flaw

;

No comments

Powered by Blogger.