Huge security flaw leaves macOS High Sierra open to attack

By

macOS High Sierra
Apple let a major security flaw slip through the cracks.
Photo: Apple

A serious security flaw in macOS High Sierra has been exposed that allows anyone to gain full access to affected Macs without knowing the computer’s administrative password.

The bug appears to let someone log into the admin account on a Mac by simply typing “root” as the username while leaving the password field blank. Attackers could potentially exploit the bug to access locked Macs and gain access to personal information.

Developer Lemi Orhan Ergin was the first to spot the flaw and posted about it on Twitter. It appears that Apple currently doesn’t have a fix for it, or wasn’t even aware of the problem.

You can see the security bug in action yourself. To replicate it, open System Preferences and go to the Users & Groups section. Click the lock to bring up the login box. Then type “root” in the username field, click the password filed but leave it blank. Now click unlock and it should open up full access to the administrator account.

Apple released the following statement about the security flaw this afternoon:

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac.”

As a quick fix, Apple recommends following its guide on how to enable the Root User and set a password for it. You can set yours by opening Terminal, then type in the following command: “sudo passwd -u root”. After that just enter your password and then a new password for the root users and you should be secure.

  • Keith Oxford

    Just tried what you say above and does not accept it. My username replaces “root” once clicking “UNLOCK”. Maybe its been fixed in 10.13.2 Beta (17C79a).

  • benbattle

    It does work. You need to have the cursor in the password box when you click “Unlock”. It failed the first time for me, but a second click and the Admin profile opened up. Nasty…

  • Ola Tee

    That should only happen if you did not lockdown your system with root password initially. I always change my root password on new Macs or after fresh installations.