As far as personal computer vulnerbilities go, this is probably high on the list in terms of severity.
On Monday, a Turkish software developer by the name of Lemi Orhan Ergin publicly posted of what he called “huge security issue” on Twitter (it should be noted there were conversations about this flaw on Apple’s own developer support forum several weeks ago):
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
“Root” is commonly known as a master account, and the ability to be able to log in without a password is tremendously concerning, as pointed out by scores of Mac OS users online. Users would be able to gain root access if the computer’s guest account is enabled.
Making matters worse, the bug could even be exploited remotely – meaning that a wrongdoer could gain access to your computer without even touching it.
Apple has been quick to respond to the incident, stating that, “We are working on a software update to address this issue.”
The California-based company also provided instructions for users to manually change the root password, which clears the issue.
Information on how that can be done be found here.
While users wait for Apple’s security update, following the above guide is suggested. Additionally, you can take a look at the below video: