And there's no security check, according to developer Lemi Ergin, who spotted the bug.
The vulnerability allows any person to access the administrator's account on an already unlocked Mac. Press Return or click the Unlock button a few times - I've seen it both accept on the first try and require a couple of additional tries. All you need to do is set a password for your root account (even if you never plan on using it), and no one will be able to use it to login to your Mac. After signing in as a guest, it was possible to change security settings and install apps and software updates from the Mac App Store, just by typing the user name "root".
At this point, you should have full admin access from the locked login screen.
Despite suggestions that the flaw can be mitigated by disabling the computer's guest account, this will not work - it simply restarts the computer with Safari the only application running. Those running previous versions of MacOS including Sierra and Yosemite do not appear to be affected by the bug.
We have reached out to Apple and will update this article when we hear back.
The current release of macOS High Sierra, version 10.13.1, has a bug that allows someone with physical access to your machine to bypass the log-in screen and access your data.
Apple hasn't commented yet, but in the meantime, don't let anyone physically use your Mac computer if you're not there until Apple issues a fix. This gives the attacker access to all administrator preferences in System Preferences...but that's only the beginning: this also enables a new, system-wide root user with no password.
Apple's support team on Twitter replied to Ergin's tweet, which now has more than 3,500 retweets: "Let's take a closer look at what's happening together".
- Local stores in Nederland ready for 'Small Business Saturday'
- Mourinho Worried About Losing Man Utd Star
- Former 'Glee' actress Naya Rivera arrested for domestic battery
- Local organizations asking for support on Giving Tuesday
- Rush is on for Christmas tree growers
- Why 49ers Appear Intent To Give Jimmy Garoppolo Franchise Tag In 2018
- Sunny & Mild Start to Work Week
- Enhanced Odds: 33/1 on Watford or 7/1 on Man Utd
- Crabtree-Talib first-quarter squabble results in three ejections
- Argentinian Erik Lamela set to return for Spurs trip to Leicester