A Turkish software developer announced Tuesday that he has found a severe security bug in Apple's new Mac operating system (MacOS) that would allow anyone to gain full administrator control of a computer without entering a password.
"Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?" the Turkish developer Lemi Orhan Ergin tweeted.
Because of the bug, Ergin found that anyone can gain unauthorized access into a Mac running MacOS High Sierra, its most recent version, by logging in as "root" for username and clicking on the login button a few times with an empty password.
Other Apple users have also reported on social media the existence of the bug, which was said to be able to work remotely through third-party software called VNC and Apple-owned Remote Desktop software.
Apple responded to Ergin's security alert Tuesday afternoon by replying a tweet to Ergin.
"Thanks for reaching out. Send us a DM, and we'll look further into this with you," Apple's customer support division tweeted.
Apple issued a statement saying it is working on a software update for the bug.
The IT company also advised its MacOS user to set a root password to prevent unauthorized access to their Mac.
"If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section," Apple suggested.
From China Daily