One of the most alarming security bugs to ever plague a major computer operating system is also one of the dumbest. First discovered by Turkish developer Lemi Orhan Ergin, the vulnerability lets anyone log into any computer running macOS High Sierra — the most recently released Apple operating system — just by typing “root” for the username, and then clicking on the login button a few times with the password entry left blank.
Ergin tweeted about the flaw on Tuesday, and as of the time of publication, all macOS High Sierra machines are still vulnerable. Apple has a well-publicized bug-reporting program in place, but it appears Apple either didn’t know about the security flaw or was unable to fix it before Ergin tweeted it publicly — which unfortunately makes Apple users even more vulnerable to attackers with bad intentions.
Apple confirmed that it was already working on a solution. “We are working on a software update to address this issue,” the company said in a statement to BuzzFeed News. “In the meantime, setting a root password prevents unauthorized access to your Mac.”
Soon after Ergin’s tweet, a flood of security researchers and writers confirmed the bug works as described — whether attempting to access an administrator’s account on an unlocked Mac, or trying to gain access via the login screen of a locked Mac.
“It is as bad as it sounds,” Amit Serper, a security researcher from the software company Cybereason, told BuzzFeed News. “It allows everyone with access to your machine — and in some cases remotely — to escalate the privileges to the highest…