There's an embarrassing and dangerous security hole in the latest Mac software

Advertisement
There's an embarrassing and dangerous security hole in the latest Mac software

Advertisement
Tim Cook macbook (smaller)

Getty

  • There's a bug in the latest version of MacOS that lets anyone log in to change settings with the username "root" and no password. 
  • Apple hasn't commented yet, but in the meantime, don't let anyone physically use your Mac computer if you're not there until Apple issues a fix. 

 

People are upset with Apple over a nasty security flaw apparently discovered on Tuesday in the latest version of MacOS, called High Sierra.

On an up-to-date Mac, users can apparently gain access to change protected settings in certain circumstances by telling the system their username is "root" and a blank password. 

Business Insider was able to replicate the bug on Tuesday. After plugging in "root" as our username and no password, it took two clicks to gain access to Users & Groups settings on a High Sierra system. The bug didn't work on Mac with older software. 

Apple didn't immediately respond to a request for comment.

Here are the original tweets that spurred the outrage: 

Lots of people are picking up on the problem, including NSA whistleblower Edward Snowden and other security experts. 

This isn't the first major Apple security bug that's been discovered recently in MacOS. Earlier this year, Macs would apparently give out people's passwords when they clicked for a password hint.