How to fix the massive macOS root security bug


It turns out you don't need a password to log into a locked Apple device using MacOS High Sierra - just the username "root". Type "root" with no password, and simply try that several times until the system relents and lets you in.

The level of unbridled access this security hole permits - and it abruptly being made public - will nearly certainly prompt Apple to move fast in releasing an update for its Mac operating system. It also allows for anyone to login to a machine even immediately after reboot. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account's password now. The Apple Support Twitter account acknowledged Ergin's tweet highlighting the issue but did not provide any additional comment. But given the cartoonish extremity of this bug, chances are a fix will be available soon.

Choose Edit Change Root Password and enter a new, non-trivial password. The previous version of the operating system didn't appear to be affected by the bug.

Once you've done that, the root account will be password protected, and your Mac should be safe.

You can access it via System Preferences Users & Groups Click the lock to make changes. You can see how to exploit works in the video below.

More news: Martellus Bennett to Be Placed on Injured Reserve
More news: Miss South Africa Demi-Leigh Nel-Peters is Miss Universe 2017
More news: Microsoft office rolls out on Chromebooks

If a bad actor exploited this security bug, they'd get System Administrator access - meaning that person could read and write over virtually any part of the computer system, including files in other macOS user accounts.

Click, then enter an administrator name and password.

Users can click on the login options button, then select the join network account server option.

Many people have confirmed Ergin's discovery, and if you're running High Sierra, you can check it yourself.

Click "Open Directory Utility" and a new window will open.