Apple has fixed the bug that let anyone log into a Mac with the username 'root'
- Apple released a fix for an embarrassing Mac bug on Wednesday.
- The bug would let anyone log into an up-to-date Mac with the username "root" and a blank password.
- Mac users should update immediately through the Mac App Store.
Apple released a software update on Wednesday fixing a nasty bug in up-to-date versions of MacOS which could give an attacker complete access to an entire system's settings and data.
The bug was blindingly simple: All someone had to do was put their username as "root" and leave the password blank on the right login screen on a Mac laptop or desktop running High Sierra, the most recent version of MacOS.
People with Macs can update their operating system to fix the bug through the Mac App Store.
"An attacker may be able to bypass administrator authentication without supplying the administrator's password," the Apple security page reads.
"A logic error existed in the validation of credentials. This was addressed with improved credential validation," it continued, confirming that only computers with MacOS High Sierra, the most recent software, was affected.
A very bad bug
In Unix-based systems, like MacOS, "root" is the most privileged user, who has the power to change anything on the operating system.
"Once someone is logged into your Mac as root, they can do whatever they want, including accessing your files, installing spyware, you name it. So, in other words, if you were to leave your Mac unattended for 30 seconds, someone could backdoor it and have a very powerful way in later," Mac security expert Thomas Reed wrote at Malware Bytes.
The ultimate cause of the bug became clearer on Wednesday as Patrick Wardle, Synack's director of research, published a long, technical look at the vulnerability.
Essentially, Wardle found, is that the bug is a password setting issue for any disabled user, not just "root."