Early this morning a Turkish software developer pointed out a huge security flaw in the latest Mac operating system.
The flaw can give someone full access to basically any user account, to do what they like, and it’s pretty simple to trigger.
Open System Preferences, navigate to ‘Users and Groups’, then click the lock. Once you are prompted to enter a password, replace the user name with ‘root’, select the password field but leave it blank, and click unlock. After a few clicks the system will unlock.
The good news is that the hacker would need physical access to a logged-in Mac, and if there’s a root user already enabled, this vulnerability won’t work.
There are concerns, however, that a hacker may be able to log in remotely with a screen sharing app and exploit this security hole, although this hasn’t been confirmed.
To protect yourself from this vulnerability, you need to enable the root user on your Mac. You can find instructions from Apple here.
As of yet, there has been no official comment from Apple.
Again, this kind of vulnerability highlights the need for a comprehensive Disaster Recovery Plan.