A major bug has been found in the Apple Mac which lets anyone get access to your devices without using the password. The problem has been discovered in the macOS High Sierra 10.13.1 and the latest beta version (10.13.2). It gives Administrator privileges to users which lets them access anything present on the Mac. The ‘hacker’ can change the settings of the device, install any and all types of apps and programs, add and remove other users, and more. Interestingly, the bug can also be exploited to get access to a locked Mac. This issue clearly questions the security and privacy settings on Apple devices as it makes the user data vulnerable. Meanwhile, Apple has reportedly acknowledged the bug and said that a patch will be developed soon.
What is the issue? In an Apple Mac (MacBook Pro, MacBook Air, Mac Mini, etc), you can just go to the ‘Users and Groups’ section under System Preferences. Now, you need to click on the lock icon in order to make changes. Once done, you will have to type in the word ‘root’ as the username. Now, you can click on the password field and tap on ‘Unlock’. Voila! You can now get the admin privileges on the Mac. However, an Apple spokesperson Bill Evans has informed Bloomberg that it has acknowledged the bug and started to work on a patch. The spokesperson also suggested a temporary fix for the issue. The flaw was publicized Tuesday on Twitter by Lemi Orhan Ergin, a software engineer based in Turkey. Meanwhile, Edward Snowden, the famous NSA whistleblower, tweeted explaining the bug: “Imagine a locked door, but if you just keep trying the handle, it says ‘oh well’ and lets you in without a key.”
How to resolve the issue? The report said: “”We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorised access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.” So, in order to, fix the problem, users will have to assign their own password to the root account. Here is a guide:
Head to ‘System Preferences’, then select ‘Users and Groups’. Now, click on ‘Login Options’ on the left part of the menu. Now tap the ‘Join’ button beside ‘Network Account Server’. Now select ‘Open Directory Utility and click on ‘Edit’ in Mac’s menu bar, Finally, assign a password.