Multinational electronics company Apple has just learned of a major security flaw plaguing their operating system, the macOS. The flaw can easily grant anyone access to a device even without a password. It has been confirmed that the issue exists in the High Sierra version of the operating system.
The security flaw can be replicated on an Apple laptop with a High Sierra OS. The exploit can start whenever the device asks for elevated authentication, a feature that is similar to Microsoft Windows' User Access Control (UAC).
The authentication prompt will require a username and a password. When this happens, anyone can type "root" as the username and leave the password field blank. The user will be granted elevated access after clicking the "Login" button a few times.
This exploit was first made public by Twitter user @lemiorhan, who immediately notified Apple about it. "Anyone can log in as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?" his tweet said.
The Verge confirmed that the security flaw exists for the High Sierra 10.13.1 version. They also stated that the flaw is not present in Sierra or older macOS versions.
The exploit is a significant security risk because it readily grants anyone administrator access to a device. Upon entry, the user can view all the files stored on the hard drive, as well as change passwords associated with the computer. The Apple ID email address associated with the device can be altered as well.
Due to the exploit's potential for malicious use, Apple is expected to respond with a fix swiftly. However, the company has not yet provided any definitive date for the next software update.
Affected users can change their root password as a fix in the meantime. Moreover, Apple has provided detailed steps on how to do it, but this is a temporary fix in lieu of the actual software update expected to roll out soon.
