News

This huge security flaw allows literally anyone to log into your Mac

Posted by
Emily Reynolds
Published
There's been a gigantic security flaw that lets anyone log into your Mac

Leaving your laptop open or unlocked is a mug’s game, isn’t it? Leave it unattended for longer than three minutes and your CV will have been edited to list ‘masturbation’ as a hobby or interest, your Facebook status will have been updated and your email signature amended. No good at all.

You’ll be really happy to hear, in that case, that there’s a massive security flaw that will allow anyone to unlock your Mac using a single word! Yay!

The flaw happens on the latest operating system, High Sierra (version 10.13.1), and allows anyone to log in by typing ‘root’ in the username field. 

According to TechCrunch, the bug is ‘most easily accessed’ via Preferences. 

“The bug is most easily accessed by going to Preferences and then entering one of the panels that has a lock in the lower left-hand corner,” they explain. “Normally you’d click that to enter your username and password, which are required to change important settings like those in Security & Privacy.”

But now, someone would just need to enter ‘root’ instead of your user name – after a few goes, it’ll give them access to everything. Not great, is it.

Apple has released a statement on the flaw, saying it is “working on an update to address the issue”. 

“In the meantime, setting a root password prevents unauthorized access to your Mac,” it says. “To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Obviously this is a huge security risk that could do more damage than an errant CV edit - so make sure you keep an eye on your Mac until the problem is sorted.