* A Turkish developer Lemi Orhan Ergin has found a serious flaw that gives anyone access to your Mac
* This could be done by simply typing “root” and logging in with empty password
* Apple has since provided a software update to fix the problem and provided a link for alternative solution
A major Apple security flaw that puts the personal data of MacOS High Sierra users at risk has been discovered.
The vulnerability mainly affects users who haven’t disabled their guest user account or changed their root password. By just typing ‘root’ as the username when prompted to log in, anyone can access such Mac computer.
Turkish developer Lemi Orhan Ergin was the first to spot the flaw and promptly tweeted Apple support to report the ‘huge security issue’. His tweet reads:
“Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?”
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
Apple has since released a security update to address the problem. Users can install the fix by going to Mac App Store and click on “Updates” tab.
Alternatively, users can address this flaw by changing the root user password manually. The guide for doing that can be found here.