There's an embarrassing and unsafe security hole in the latest Mac software

The glitch is a rare and potentially embarrassing failure for Apple whose software is generally known for being less prone to hacking and malware infections than Windows software

The glitch is a rare and potentially embarrassing failure for Apple whose software is generally known for being less prone to hacking and malware infections than Windows software

The issue allows someone to authenticate as a "system administrator" with the ability to view files and change details in user accounts.

That's because developer Lemi Orhan Ergin has revealed a huge security vulnerability in High Sierra that anyone can exploit to gain full admin privileges and access to the root account on your Mac.

If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. Anyone can login as "root" with empty password after clicking on login button several times. If you want to protect yourself, physically keep your Mac on lockdown for now, until Apple releases a software update, which we expect will come out in the next 24-48 hours due to the severity of this bug.

CNET independently confirmed this security flaw exists and reached out to Apple about the issue.

Many people responding to that tweet said they were relieved to learn that this extremely serious oversight by Apple does not appear to be exploitable remotely.

Des Moines-based Meredith announces deal to buy Time Inc
Some of the media company's popular magazines include Better Homes & Gardens, Parents and Family Circle . Media watchdogs have expressed concern over the potential influence of the Koch brothers on Time Inc .

A demonstration of the security flaw.

Click the lock in the bottom left corner to unlock, then go to Edit (in the menu on your Mac) and "Change Root Password".

This is a developing story.

Disabling the root account in the open directory utility tool does not work, as the root account becomes re-enabled when entered into the user name field on login. Then, click the "Join" button beside "Network Account Server" and a new panel will pop up.

Let's make this clear: this is a huge mistake on Apple's part, even if there's a relatively simple fix. After signing in as a guest, it was possible to change security settings and install apps and software updates from the Mac App Store, just by typing the user name "root". Users can prevent an attacker from exploiting a bug by creating a "root" account themselves and giving it a custom password.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.