November 30, 2017
A major flaw has been spotted in Apple’s macOS High Sierra. The operating system is allowing anyone to gain administrator access, once they lay their hands on the device. But the worse of all is that the OS isn’t even asking for a password to enter into the system.
It is clear that mac owners shouldn’t be leaving their device unattended. The problem was spotted on the latest version of High Sierra — 10.13.1 (17B48). Apple confirmed that it is working on an update to fix the issue. In the meantime, Apple also released a step-by-step instruction in order to help customers protect their systems till the update is released.
Apple issued the following statement, “We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Interestingly, the problem with the login security issue does not affect Sierra or other previous versions of macOS. It has been confirmed that the major security issue remains present as of MacOS 10.13.1, the current release of High Sierra. The security vulnerability was first posted and discussed on Twitter.