Apple has advised customers to set an administrative password while it resolves a security issue in the latest version of its Mac operating system.
A “huge” flaw in MacOS High Sierra means it is possible for anyone using an Apple computer to access an admin account without even entering a password, if the computer has first been free to access while unlocked.
Apple issued instructions through its support website to help protect customers from any potential hacks while it is “working on a software update to address this issue”.
The quick fix comes by creating a password for the computer’s “superuser” account, which is used for system administration and on Macs is known as “root”.
“Setting a root password prevents unauthorised access to your Mac,” Apple said.
“If a root user is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section,” it added.
The bug was first reported by Turkish software developer Lemi Orhan Ergin, who contacted Apple on Twitter to inform it of the “unbelievable” find.
Videos posted online show people using the hack at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
One Twitter user said: “This is not the password-less future we all had in mind.”
Despite the ease of the hack, Open University’s Professor Blaine Price urged people not to be too worried.
He said: “This flaw is one of the most serious I have seen, mainly because it requires no technical skill, but the risks for ordinary people are probably a bit less than people are making it out to be.
“The number of people who can exploit this attack is limited to those who can walk up to your computer.
“The vulnerabilities you need to really worry about are those that can be exploited by anyone on the planet (those that leave your computer vulnerable to attack from anywhere on the internet) and this doesn’t appear to be that kind.”
Prof Price recommended not upgrading to new versions of major operating systems until all the bugs have been ironed out, and suggested that running the latest patched version of a second-to-last operating system can often be safer.
