A major security flaw has been uncovered in macOS High Sierra, Apple's latest software for Macs, that allows anyone to gain admin access without a password and without any real hacking. The flaw was publicly exposed by security researchers on Twitter, which will likely induce Apple to push out a quick fix.
While attempting to log in, all one has to do is type "root" as the username, leave the password field blank and click the "unlock" button twice to immediately gain complete access to the computer.
"We always see malware trying to escalate privileges and get root access," Patrick Wardle, a security researcher with Synack, told Wired. "This is the best, easiest way ever to get root, and Apple has handed it to them on a silver platter."
Wardle took to Twitter to report that the attack could also work remotely, if certain sharing services were enabled on a targeted Mac.
The Apple root flaw was first revealed on Twitter by Turkish software developer Lemi Orhan Ergin. The researcher told Wired that his company's staff uncovered the issue while attempting to help a user regain access to their account. "They informed me and I tried on my machine too. And I saw the security issue with my eyes. That was scary," Ergin reportedly said.
The Verge reported that the flaw could allow anyone to view all files and even reset users' systems as well as their Apple ID usernames and passwords. The bug could potentially give malicious hackers a variety of ways to conduct intrusive attacks.
How to stay safe
Apple has reportedly confirmed the security flaw. The Verge reported that the tech giant said that it is working on the issue. Meanwhile, Apple has published a step-by-step guide on how users can protect themselves from the bug.
According to Apple's guidelines, the simplest way to avoid any potential attacks via the flaw is to set a root password. You can do this by clicking on System Preferences on the Apple menu, then clicking on Users & Groups (or Accounts). The next step is to click on Login Options, then click on Join (or Edit). Once that is done, click on Open Directory Utility and enter a username and password. Next, to enable the Root User (if you have not done that already), click on the menu bar within the Directory Utility window and then choose Change Root Password. You can also choose Disable Root User.