Anyone Can Login Into Your Mac Right Now Without Knowing Your Password Unless You Do This Now To Fix It
Attention Mac users. This is important, in fact very important! A new security bug/flaw has been discovered in macOS High Sierra which lets just about anyone login into your Mac.
Yes. Just about anyone can now login into your Mac as “root” user running macOS High Sierra even if they don’t know your Mac’s password. All they need to do to make this work is to try and login using “root” user and then click on login button repeatedly with empty password field and the system will log them in.
This flaw was discovered by Twitter user Lemi Orhan Ergin and was shared publicly with everyone. Maybe Lemi shouldn’t have shared it publicly with everyone and should have instead reported it to Apple privately, but now that this is made public, it is important to secure your machine now before someone with malicious intent gets access to it.
While the flaw is embarrassing for Apple, the company for its part has immediately issued a notice saying that they are working on an emergency patch for this flaw which should be out soon. In the meantime, Apple suggests a workaround fix for this which involves changing root account’s default “blank” password with something more complex which would make your machine secure from this bug. Apple’s full statement on the matter is as follows:
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
It is important to note that this bug only affects Macs running any version of macOS High Sierra. All other versions of macOS prior to High Sierra aren’t affected by this. Also, the intruder doesn’t need physical access to your Mac to make this all work as this will even work remotely over Apple Remote Desktop or VNC if Screen Sharing is enabled on the Mac.
Once you have changed the root password as explained in the link given in Apple’s statement above, make sure you remember or keep the new root password in safe place as you might need it later when making system level changes to your computer. Also, once you are done securing your machine, make sure you share this with your friends and family who are Mac users so that they can also secure their computers as soon as possible.