Apple races to fix password security flaw

Apple is scrambling to fix a newly discovered security flaw that enables people to access Mac computers without a password.

The bug in MacOS High Sierra, the most recent version of the company’s computer operating software, was discovered by Turkish software developer Lemi Ergin, BBC News reports.

Ergin revealed on his Twitter page that anyone can log in to a Mac computer by entering the word “root” as the username, leaving the password field blank and then hitting the enter key a few times.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Ergin, whose tweet has been shared “hundreds of thousands of times”, has been criticised for publicly disclosing the security flaw, reports The Daily Telegraph.

Developers typically notify the company in private and allow a fix to be issued before making the fault public, says the newspaper.

According to Mac Rumors, the MacOS High Sierra “trick” allows users to bypass the administrator security systems and “see everything on the computer”.

An Apple spokesperson told the website that the company was “working on a software update to address this issue”.

“In the meantime, setting a root password prevents unauthorised access to your Mac,” the spokesperson said. Click here for instructions on how to carry out the quick fix.

Apple computers running older operating systems, such as El Capitan and Yosemite, are not believed to be affected by the security flaw.