Well, this is very embarrassing for Apple, a globally acclaimed technology devices and solutions company. Apparently, its laptops running MacOS High Sierra are very vulnerable, and it doesn’t take some serious hacking skills, just simply type in root under root password and hit ‘Ok’ button (sometimes more than once), and voila, you are in with full admin access.
Yes, that is right! Put in username as root then hit the ok button, and you get logged in with full admin access. No password needed! From there you can do pretty much anything you want with your full admin access privileges. That include ability to change the password for other user accounts on that computer, and any other mischiefs your heart desires.
This vulnerability was unearthed by Lemi Orhan Ergin, a Turkish developer, who says you might need to click Ok button a couple of times, but eventually you do log in without a password. Word has it that multiple other people have tried the same, and in all cases they were able to get into root admin login without ever putting a password.
There has been no official communication regarding the matter. As you would imagine, they (Apple) are getting a lot of calls, emails, social media call outs over the matter. To say that Apple is currently in a crisis meeting and grilling the ‘locksmith department’ won’t be too far fetch.
As a user, how do you protect yourself?
As we wait for security update from Apple to fix the matter, you, as a Mac computer user, should take hasty steps towards securing your computer. MS Power User recommends you assign a root password ASAP.
Go to System Preferences > User Groups and follow the instructions below:
Open Directory Utility
Click the lock symbol to make changes, log in as admin
Click Edit > Enable Root User
Click Edit > Change Root Password
Set a password.