x
Breaking News
More () »

Watch out: MacOS bug leaves big hole in Mac security

If you have a Mac you need to read this now.
macOS Sierra replaced OS X

Apple is preparing a fix for a bug that will let an intruder infiltrate your Mac.

If your Mac runs the latest version of Apple's operating system software, MacOS High Sierra, you will want to be extra careful with the computer.

The bug, made public on Twitter Tuesday by Turkish software developer Lemi Orhan Ergin, revealed that anyone can log into your Mac or adjust settings on the computer by entering the login name "root" (without quotations) and clicking enter, no password needed.

The person would need physical access to the computer as the login can't be done remotely.

USA TODAY confirmed the vulnerability on a late 2013 MacBook Pro running MacOS 10.13.1 and a late 2015 iMac running the same software. The bug unlocks the safeguards that prevent changes in "System Preferences" on the machine as well letting someone log into the Mac from the lock screen by simply going to the "other user" tab.

Apple said the promised fix would come in a future software update. In the interim, the company recommends users follow the steps outlined on its support page to disable the root user access.

“We are working on a software update to address this issue," the company said in a statement provided to USA TODAY. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

In following Apple's steps we were able to disable the "root user" access.

Apple did not immediately respond to a question as to when users might expect to see a software update.

It should go without saying that this latest bug poses plenty of risks. By giving anyone administrator access, they would have unfiltered access to your files as well as the ability to delete your data, change your password or even lock you out. The security vulnerability also would allow someone to make these changes remotely so long as they were connected to your computer.

Contributing: Elizabeth Weise, Ed Baig

Follow Eli Blumenthal on Twitter @eliblumenthal

Before You Leave, Check This Out