MacOS High Sierra bug allows full admin access without a password

Herbert Rhodes
November 29, 2017

Apple has not set a password for the root superuser in its macOS High Sierra desktop operating system, a flaw that grants full access to all parts of a Mac computer.

Without explaining what the actual bug is (we don't want to make it any easier for potential hackers than this already is, and you can find it on Twitter pretty easily), someone can login to a Mac by typing a word in the login field, leaving the password field blank, and attempting to log in several times.

Root dialog
macOS High Sierra security vulnerability discovered, here's how to set root password for fix

"We are working on a software update to address this issue". It also allows for anyone to login to a machine even immediately after reboot. For affected machines, a person can login to the administrator account by simply entering "root" as the username with no password. But given the cartoonish extremity of this bug, chances are a fix will be available soon. After signing in as a guest, it was possible to change security settings and install apps and software updates from the Mac App Store, just by typing the user name "root". But for now, if you're using macOS High Sierra, take a moment to change the root password now, please. The issue allows someone to authenticate as a "system administrator" with the ability to view files and change details in user accounts. Then from the menu bar at the top of the screen, click on the "Edit" menu and choose "Enable Root User". A bug in Apple macOS High Sierra can let anyone gain admin access to a Mac. Then, click the "Join" button beside "Network Account Server" and a new panel will pop up. This will prompt for a password for the Root user account. Select Open Directory Utility click the lock icon in the Directory Utility window then enter your admin name and password again.

Currently, there is no official fix from Apple regarding the issue.

More news: Jose Mourinho Admits Worries Over Future of Marouane Fellaini

Other reports by TheSundaySentinel

Discuss This Article