There’s a bug in Apple’s most recent operating system

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

(Photo credit: GABRIELLE LURIE/AFP/Getty Images)

There’s a flaw in Apple’s newest computer operating system that allows someone to gain administrative capabilities without a password.

The flaw, discovered by developer Lemi Orhan Ergan and his colleagues, affects macOS High Sierra. To exploit the vulnerability, someone with access to the computer can type “root” and no password in the Users & Groups section of System Preferences.

This gives root access to the computer — meaning a person could operate the device as if they were an administrator and could download malicious software or otherwise compromise the computer.

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac,” an Apple spokesperson said in a statement. You can follow the instructions here.

“If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section,” Apple said.

People across the web have been able to duplicate this bug.

The flaw requires physical access for most people, but could work remotely if the user has Remote Desktop enabled. It’s a good idea, as always, to keep your machine in your own possession.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.