The flaw in MacOS High Sierra - the most recent version - makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights.
“We are working on a software update to address this issue,” Apple said in a statement.
The bug was discovered by Turkish developer Lemi Ergin.
He found that by entering the username "root", leaving the password field blank, and hitting "enter" a few times, he would be granted unrestricted access to the target machine.