Advertisment

macOS High Sierra bug allows root access without password

author-image
CIOL Writers
New Update
macbook e

Apple's macOS High Sierra has a serious bug that allows anyone to log in just by putting “root” in the user name field.

Advertisment

Needless to say, the hack is quite easy to pull off. It can be triggered through the Mac's System Preferences application when "Users & Groups" is selected, and the lock icon on the window is clicked. After that, a new login window will appear. Anyone who types "root" as the username, leaves the password field empty, and clicks unlock (once or twice) is on their way to a new account that has system admin privileges to the computer.

Root access allows someone to access your machine as a "superuser" with read and write privileges to many more system files, including those in other macOS accounts. The bug appears to have been first noticed by Lemi Orhan Ergin, founder of Software Craftsman Turkey, who noted it publicly on Twitter.

Don't fret just yet. There's a fix to it. As developer Colourmeamused tweeted, you need to set a root password:

Advertisment

Apple acknowledged the issue and said it's working on it, "We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section."

cyber-security apple