If you thought Apple had unusual trouble stabilizing iOS 11 and ironing out the many annoying kinks that probably held back iPhone and iPad users from updating to the latest platform version, wait until you hear about a newly discovered macOS security issue.

This may well be the most embarrassing misstep made by Cupertino’s software engineers in a long time, and no one can understand how something so simple and dangerous escaped QA’s radar in the first place.

Basically, anyone with physical access to a computer running macOS High Sierra 10.13.1 can easily obtain so-called “superuser” rights, whether they’re the rightful owner of the device or not.

All they have to do is go into System Preferences, then Users & Groups, click on the little lock icon, and enter the user name “root” with no password required. As long as the actual Mac’s user never enabled the root option to gain “read and write privileges to more areas of the system, including files in other macOS user accounts”, any malicious individual can break in by leaving the password field empty and pressing enter a couple of times.

Ironically, Apple’s support webpages recommend you not routinely use the root user account, but in this particular case, you’re actually advised to set a strong (or weak) password for access to special Mac privileges. That way, it’ll be a lot harder for someone out to get you to disable FileVault encryption, turn off your Firewall or wreak all kinds of havoc, including locking you out of your own computer.

What’s even worse is that, if you don’t do the above, the security hole could also leave you open to a breach of security where standard Mac logins wouldn’t require a password either.

For what it’s worth, Apple is obviously preparing a comprehensive fix in addition to strongly recommending Root User activation and password selection as a temporary workaround.

You May Also Like

How to have a Safe Video Call Party while Quarantined

Staying in because of the coronavirus outbreak? Learn how to have a Video Call Party that doesn’t violate the privacy of you and your friends.

iPadOS 13.4 with trackpad support to release on March 24

You’ll have to wait until May to take full advantage of trackpad support because that’s when the new Magic Keyboard cover hits the shelves.

Purism Librem Mini is a Freedom Friendly Home Server or Desktop

Purism’s laptop computers start at $1249, so a mini desktop that starts at $699 but gives you all of the same security features is a welcome addition.