Apple Mac computers can easily be broken into with just a few key presses because of major vulnerability
Issue can be fixed using complex settings
Apple computers can be easily broken into with a few simple key presses, security researchers have found.
A vulnerability in the way the operating system uses passwords means that they can be simply bypassed by anyone, on practically any computer. Warnings about the bug have been shared by computing experts including Edward Snowden, who described the issue as "really bad".
Whenever a computer running macOS asks a user to log in, they can simply type the username "root" and an empty password. That might not work initially – but repeated presses of the login button will eventually let you through, no matter how complicated the password usually used on the computer.
The root account is a usually hidden login that has access to many of the most privileged parts of the computer. It shouldn't appear to any normal user, and shouldn't be accessible to anyone who doesn't own the computer.
The issue was repeated multiple times on multiple computers by The Independent, though all of those computers were running the latest version of macOS, High Sierra. Numerous other news sources and experts have also verified that the bug works.
It was first reported by security researcher Lemi Orhan Ergin. Notably, he posted it on Twitter and tagged Apple's official and support accounts – apparently not reporting it through the company's official bug reporting channels, which ensure that an issue is fixed before it becomes public knowledge.
If you think there is any chance your computer could be broken into or fall into the wrong hands, then it could be worth undertaking the slightly laborious fix. That involves setting a root password, so that anyone attempting to use the bug won't be able to use the empty password field as above.
That's done by opening System Preferences, opening the "Users & Groups" panel, choosing "Login options", pressing the "Join" button that's next to "Network Account Server", and clicking on "Open Directory Utility" then choosing the lock icon and logging in. Choose the edit menu and press "Change Root Password" – it will prompt you for your old one, which is probably blank, and you can then change it to something new and more secure.
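For anyone checking several Macs, the following is an added example (not part of the original article) that classifies the root account from the output of `dscl . -read /Users/root Password AuthenticationAuthority`. It assumes that a root account with no password set shows `Password: *` and no `AuthenticationAuthority` attribute; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the macOS root account from directory-service output.
# Input (stdin): output of
#   dscl . -read /Users/root Password AuthenticationAuthority
# Assumption: a root account with no password set shows "Password: *" and has
# no AuthenticationAuthority attribute; one with a password has a ShadowHash entry.
classify_root() {
    awk '
        /^Password:/                { pw = $2 }
        /^AuthenticationAuthority:/ { aa = 1 }
        /;ShadowHash;/              { shadow = 1 }  # value may wrap to next line
        END {
            if (pw == "*" && !aa)  print "disabled"
            else if (shadow)       print "enabled"
            else                   print "unknown"
        }'
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='Password: *
No such key: AuthenticationAuthority'
SAMPLE_ENABLED='Password: ********
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# report: turn the classification into an action for the administrator.
report() {
    state=$(printf '%s\n' "$1" | classify_root)
    case "$state" in
        disabled) echo "root: no password set - workaround above not applied" ;;
        enabled)  echo "root: password record present - confirm an admin set it" ;;
        *)        echo "root: unknown - inspect the record manually" ;;
    esac
}

report "$SAMPLE_DISABLED"
report "$SAMPLE_ENABLED"
```

A result of "enabled" only shows that a password record exists, not what the password is, so it should be followed by changing the root password as described above.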
Clearly, Apple won't expect everyone to go through that long and not immediately obvious process to secure their computer and the company will almost certainly roll out a fix very soon. As such, it will be important to keep a look out for that update and install it as soon as it becomes available.
Such bugs and issues are relatively rare with Apple products, given they are now fairly mature and developed by a relatively limited number of people. But the sheer number of people who use them means that even a minor issue can resound around the world, as in the cases of vulnerabilities found in iOS, the software that runs on iPhones.