Here’s how to fix that very serious password bug on your Mac

Apple has advised customers to set an administrative password while it resolves a security issue in the latest version of its Mac operating system.

A “huge” flaw in macOS High Sierra makes it possible for anyone using an Apple computer to access an admin account without entering a password, provided the computer has first been accessible while unlocked.

Apple issued instructions through its support website to help protect customers from any potential hacks while it is “working on a software update to address this issue”.


The quick fix comes by creating a password for the computer’s “superuser” account, which is used for system administration and on Macs is known as “root”.

“Setting a root password prevents unauthorised access to your Mac,” Apple said.

“If a root user is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section,” it added.

The bug was first reported by Turkish software developer Lemi Orhan Ergin, who contacted Apple on Twitter to inform it of the “unbelievable” find.

Videos posted online show people using the hack at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.

One Twitter user said: “This is not the password-less future we all had in mind.”

Despite the ease of the hack, Open University’s Professor Blaine Price urged people not to be too worried.

He said: “This flaw is one of the most serious I have seen, mainly because it requires no technical skill, but the risks for ordinary people are probably a bit less than people are making it out to be.

“The number of people who can exploit this attack is limited to those who can walk up to your computer.

“The vulnerabilities you need to really worry about are those that can be exploited by anyone on the planet (those that leave your computer vulnerable to attack from anywhere on the internet) and this doesn’t appear to be that kind.”

Prof Price recommended not upgrading to new versions of major operating systems until all the bugs have been ironed out, and suggested that running the latest patched version of a second-to-last operating system can often be safer.

