Apple password flaw exposed

APPLE users have noticed a troubling flaw in the company's Mac operating system which lets people circumnavigate password protocols to gain access to the computer.

Raising alarming privacy concerns, it means anyone with physical access to your MacBook or iMac can create a phantom profile that won't show up on real admin accounts if the machine is running the new High Sierra operating system.

In the device's System Preferences, under Users & Groups, you can click on the lock and gain system administrator access by simply entering the username "root" and leaving the password blank.

After hitting enter a few times it grants access. Once that is done, the trick can be used to log into the computer at any time.

The flaw appears to have been first reported by software developer Lemi Orhan Ergin who tweeted the fault to Apple's support team this morning.

The flaw has been confirmed by a number of users and reported by various tech publications.

As Forbes points out, while someone needs to have physical access to your computers, it is problematic in certain scenarios. For instance thieves now have an easy way to get into Apple Macs they've stolen and third parties like law enforcement officials could easily login to a suspect's private computer.

The bug reportedly works for all aspects of the operating system that would normally require a password, meaning someone could also get access to your Apple Keychain which holds all your passwords.

If you want a quick way to protect against the flaw, it's probably wise to turn off any guest admin account so people can't enact the password workaround, or change the root password from your directory utility under Settings > Users & Groups > Login Options.

Apple has yet to comment on the flaw.