The digital age is an interesting time to live in, but it has its own consequences. The more connected you are to the web, the risks of being exploited are higher. Hackers have found various loopholes to get into your lives without consent or knowledge. But where there's a way, there's a will.
As our reliance on tech gadgets increases, we are prone to be attacked at some point or the other. Even if you are not the victim, there's always a risk lurking to be exploited by malicious players. In a similar instance, users of Apple's secure computers or as we call them Macs are in grave danger.
A new bug has been discovered in the macOS High Sierra 10.13.1 and 10.13.2, which can grant administrative access to your computer without having to enter a password. The danger here is real as the perpetrators can gain access to a locked Apple Mac running the latest software. The threat is not coming from some hackers sitting behind a virtual curtain, but those who can physically gain access to your unattended Mac.
Word of advice: Do not leave your Mac running macOS High Sierra unattended.
How does this work?
The new bug is accessed by going into System Preferences > Users and Groups section on your Mac, which includes MacBook Pro, MacBook Air, Mac Mini and others. Then you'll find a lock icon, clicking on that will prompt for a username and password.
When you type username as "root" and leave the password space blank, admin privileges will be unlocked on the Mac.
What are the consequences?
Needless to say, anyone with admin access to your Mac can expose your private documents, install any app or program, add or remove other users and more. In short, it is a great threat to owners of Macs until the problem has been resolved. Also, Apple, which is known to put security first on its devices, faces flak over this bug.
"A password prompt that authenticates as root with an empty password would be a black eye for any OS. Never mind one from a security and privacy-conscious company such as Apple," Steve Troughton-Smith, a Mac software developer, wrote on Twitter.
Is there a fix?
Apple is actively working on a fix to this embarrassing and endangering problem, but there's an interim solution to keep users protected until then. And that's beside leaving your Mac unattended.
Apple has released a step-by-step support guide to enable password protection on the root user. You can do so by going to System Preferences > Users and Groups > Login Options and click the Join button next to Network Account Server. Then, click on Open Directory Utility and select Edit option in Mac's menu bar that will prompt you for a password.
Assign a password and you'll be safe until a permanent fix in the form of a software update is rolled out for your Mac.