macOS High Sierra

Serious flaw in macOS High Sierra allows anyone to log in without password

There is a serious security issue in macOS High Sierra, which allows anyone to log in as an administrator, without the need for a password.

This bug was reported by a developer, Lemi Orhan Ergin, on Twitter:

As mentioned in the tweet, all you need to do is go to System preferences and write root in the space assigned to the user name, leave the password blank and to enter To unlock. It only remains to try a couple of times, until the system provides access.

From there, the intruder can take full control, since it has administrator privileges. You can access the files, created users, modify, delete, etc.

At the moment, Apple has not issued a statement about it, but reported that they are working on an update to fix this bug. Meanwhile, there is a solution that users can apply, which only requires creating a password for root user, following the steps detailed in the Apple Support Center.

And for those who want visual help to perform the steps, you can check Chris Messina's tweet, which shows in a gif how to do the process, so there is no margin for error if you intend to apply that solution.

It remains to wait for the explanations that Apple will give and at what time to release the update to correct this serious bug.