Apple are urging users of its latest Mac operating system to set an admin password after a security flaw was revealed.
Turkish software developer Lemi Orhan Ergin raised the issue on Twitter yesterday. He discovered that those with the latest High Sierra OS are vulnerable to the bug, in which anyone using an Apple computer can access an admin account without even entering a password.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use “root” with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
Bournemouth University contains a large number of Mac computers with the High Sierra software, and could be at risk.
Not only does it host dozens of Apple desktop computers, but laptops can also be handed out to students in classrooms.
Apple have acknowledged the issue on its website, saying that it is “working on a software update to address this issue”. They have also released information on how users can protect themselves.
The quick fix comes by creating a password for the computer’s “superuser” account, which is used for system administration and on Macs is known as “root”.
“Setting a root password prevents unauthorised access to your Mac,” Apple said.
Matt Horan, a Dorset-based national cyber security consultant, says: “It sounds to me like it is just very poor coding on their part and also like they’ve tried to roll it out too quickly without doing any proper testing on the software before it’s actually been released.”
Mr Horan suggests a radical fix for at-risk users: “The immediate fix would be to disconnnect any external connections, so don’t connect it to the internet until such time as you know Apple have got a patch that they can roll out and get it fixed.
“I would say it is a cause for concern because people have spent a lot of money – Macs aren’t cheap – and they’ve invested in a product that has been updated with the latest OS which hasn’t been done properly. So they are vulnerable to an attack, unless they know how to assign a password to, in Apple speak, ‘the root.”