They were publicly called out this week by a Twitter user, who found a major flaw in the log in process.
Users were able to log in with just the username “root”, and leaving the password field blank. The bug worked everywhere a password would normally be required, meaning that anyone would be able to access your device, Keychain etc.
Apple gave a temporary fix – to set up a root user and password on your system, before the official software update was released earlier this week.
There’s a bug bounty for iOS, but it’s a shame there’s not one for MacOS just yet…