- There's a bug in the latest version of MacOS that lets anyone log in to change settings or access your data with the username "root" and no password.
- Apple hasn't commented yet, but in the meantime, don't let anyone physically use your Mac computer if you're not there until Apple issues a fix.
- Some users are reporting that changing the root user's password fixes the problem.
People are upset with Apple over a nasty security flaw apparently discovered on Tuesday in the latest version of MacOS, called High Sierra.
On an up-to-date Mac, users can apparently gain access to change protected settings in certain circumstances by telling the system their username is "root" and providing a blank password.
Business Insider was able to replicate the bug on Tuesday. After plugging in "root" as our username and no password, it took two clicks to gain access to Users & Groups settings on a High Sierra system. The bug didn't work on a Mac with older software.
Theoretically, a user with "root" access has complete access to your entire computer, its data, and its settings. Apple didn't immediately respond to a request for comment.
Here are the original tweets that spurred the outrage:
Dear @AppleSupport, we noti... @ Lemi Orhan Ergin
@AppleSupport @Apple You ca... @ Lemi Orhan Ergin
Lots of people are picking up on the problem, including NSA whistleblower Edward Snowden and other security experts.
Imagine a locked door, but ... @ Edward Snowden
Uh, that#emo#s not so good... <... @ Troy Hunt
You can bypass Apple auth b... @ Bill Mill
Apple right now <a href="ht... @ The Register
Log in as root, change root... @ Lizzie
Some users are reporting that you can change your root password to fix the issue, but Apple has not issued official guidance yet. MacRumors also has some tips to temporarily fix the problem by changing the root password.
This isn't the first major Apple security bug that's been discovered recently in MacOS. Earlier this year, Macs would apparently give out people's passwords when they clicked for a password hint.