
Apple fixes major macOS High Sierra security flaw

(Image credit: Andrea Danti / Shutterstock)

Apple has released a guide to fix a flaw which allowed anyone to log into macOS High Sierra without needing a password.

The vulnerability allows users of macOS 10.13 to gain admin rights, or log in as root, simply by clicking a login box several times.

The flaw was first disclosed to the world by developer Lemi Orhan Ergan via Twitter. Apparently, the flaw was discussed on Apple's developer forums earlier, but the company failed to take action - although it is reportedly working on a software patch now.

To exploit the vulnerability, users simply needed to bring up the authentication dialog box, which often appears when configuring privacy or network settings. Once the dialog box appears, type in 'root' as a username. Leave the password blank, press Enter, then click 'unlock' a couple of times and voila – access granted.

Fortunately, the workaround to the flaw appears simple – all users need to do is configure a root password and the flaw will no longer work.

It is also important to note that if you have remote desktop access enabled, hackers could use the above-mentioned flaw to gain access to your computer without being physically present.

