If you use macOS High Sierra you should be on high alert. A Twitter user revealed a massive security vulnerability that allows anyone to log into your system as an administrator, without valid login credentials.
All a malicious user has to do is try to log in as “Root” from the login screen, leave the password field blank, and press Enter over and over again until the system allows access.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
– Lemi Orhan Ergin (@lemiorhan) November 28, 2017
Fortunately, there is a quick and easy solution. If you have already changed the root password on your system, you are safe. If not, changing that password should keep you protected until Apple issues an official patch.
If you are running macOS High Sierra, take a few minutes to apply this quick solution:
First, open System Preferences, select Login Options, and then click on Join, right next to Network Account Server. This will open a small dialog box. All you have to do there is click on Open Directory Utility.
From here, slide the mouse up to the Finder and click on Edit. In this drop-down menu, select Change Root Password. And now comes the most important part: choose a safe and unique password that you can remember. And that's it! Problem solved, at least for now.
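To confirm from Terminal whether the root account already has a password, which is what the fix above depends on, the following added example (not part of the original article or Apple's guidance) classifies the output of the macOS `dscl` tool. The function names and the sample output shapes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report whether the local macOS root account has a password set.
# Assumption: `dscl . -read /Users/root AuthenticationAuthority Password` prints
# lines shaped like "Password: *" or "AuthenticationAuthority: ;ShadowHash;...".

# Reads dscl output on stdin and prints: disabled | enabled | unknown
#   disabled: "Password: *" and no ShadowHash entry (no root password set)
#   enabled:  a ";ShadowHash;" authority exists (a password hash is stored)
classify_root_state() {
    input=$(cat)
    if printf '%s\n' "$input" | grep -q ';ShadowHash;'; then
        echo enabled
    elif printf '%s\n' "$input" | grep -Eq '^Password: \*$'; then
        echo disabled
    else
        echo unknown
    fi
}

# Turns a state into the action the article recommends.
advice_for() {
    case "$1" in
        disabled) echo "No root password is set: set one in Directory Utility now." ;;
        enabled)  echo "Root has a password. If you did not set it yourself, change it." ;;
        *)        echo "Could not determine root account state: check Directory Utility." ;;
    esac
}

# Only runs on a Mac; elsewhere the functions can still be used on saved output.
if command -v dscl >/dev/null 2>&1; then
    state=$(dscl . -read /Users/root AuthenticationAuthority Password 2>&1 | classify_root_state)
    echo "root account: $state"
    advice_for "$state"
fi
```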
Apple still has to issue an official patch, or a set of instructions on how to protect yourself, but the above solution should work. Just be sure to keep an eye on your Mac until all this is fixed.
This situation came to light after a Twitter worker searched for the official account of Apple Support to get help regarding the vulnerability, and from there everything spread. Twitter users around the world confirmed that they can replicate the issue and access their own computers without using anything other than a four-letter word.
This is not just a minor vulnerability, nor a gap in some type of code that only a hacker or security expert can exploit. This is a simple way to enter another person's computer. Just hope that an official solution will be launched soon.