A new report posted this afternoon warns that a significant security flaw in High Sierra has been discovered that allows anyone to log in without a password, potentially making private user data vulnerable. The glitch is a rare and potentially embarrassing failure for Apple, whose software is generally known for being less prone to hacking and malware infections than Windows software from Microsoft Corp. The previous version of the operating system didn’t appear to be affected by the bug.
Bloomberg noted that “Edward Snowden, a key voice in the information security community after being the center of many years of National Security Agency leaks, commented on the disclosure. ‘Imagine a locked door, but if you just keep trying the handle, it says ‘oh well’ and lets you in without a key,’ he wrote on Twitter.
Until Apple releases a new version of the software or patches the flaw, users can fix the issue by assigning their own password to the root account. This can be done by navigating to System Preferences, selecting Users and Groups, clicking Login Options on the left side of the menu, clicking the Join button next to Network Account Server, clicking Open Directory Utility, then clicking Edit in the Mac’s menu bar to assign a password. Apple also has instructions available on its website. For more read the full Bloomberg report here.
Macworld offers an 8 Step process to help you manually fix the flaw here until Apple delivers an OS update.
About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Those using abusive language or negative behavior will result in being blacklisted on Disqus.