Here’s how to fix that very serious password bug on your Mac

Apple has advised customers to set an administrative password while it resolves a security issue in the latest version of its Mac operating system.

A “huge” flaw in macOS High Sierra means anyone using an Apple computer can access an admin account without even entering a password, provided the computer has first been left accessible while unlocked.

Apple issued instructions through its support website to help protect customers from any potential hacks while it is “working on a software update to address this issue”.

The quick fix comes by creating a password for the computer’s “superuser” account, which is used for system administration and on Macs is known as “root”.

“Setting a root password prevents unauthorised access to your Mac,” Apple said.

“If a root user is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section,” it added.

The bug was first reported by Turkish software developer Lemi Orhan Ergin, who contacted Apple on Twitter to inform it of the “unbelievable” find.

Videos posted online show people using the hack at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.

One Twitter user said: “This is not the password-less future we all had in mind.”

Despite the ease of the hack, Open University’s Professor Blaine Price urged people not to be too worried.

He said: “This flaw is one of the most serious I have seen, mainly because it requires no technical skill, but the risks for ordinary people are probably a bit less than people are making it out to be.

“The number of people who can exploit this attack is limited to those who can walk up to your computer.

“The vulnerabilities you need to really worry about are those that can be exploited by anyone on the planet (those that leave your computer vulnerable to attack from anywhere on the internet) and this doesn’t appear to be that kind.”

Prof Price recommended not upgrading to new versions of major operating systems until all the bugs have been ironed out, and suggested that running the latest patched version of a second-to-last operating system can often be safer.
