How to fix the massive macOS root security bug

It turns out you don't need a password to log into a locked Apple device running macOS High Sierra - just the username "root". Type "root" with no password, and try that several times until the system relents and lets you in.

The level of unbridled access this security hole permits - and the fact that it was abruptly made public - will almost certainly prompt Apple to move fast in releasing an update for its Mac operating system. The hole also allows anyone to log in to a machine, even immediately after a reboot. Fortunately, there is a simple fix until Apple patches this inexplicable bug: change the root account's password now. The Apple Support Twitter account acknowledged Ergin's tweet highlighting the issue but did not provide any additional comment. But given the cartoonish extremity of this bug, chances are a fix will be available soon.

Choose Edit > Change Root Password and enter a new, non-trivial password. The previous version of the operating system didn't appear to be affected by the bug.

Once you've done that, the root account will be password protected, and your Mac should be safe.

You can access it via System Preferences > Users & Groups, then click the lock to make changes. You can see how the exploit works in the video below.

If a bad actor exploited this security bug, they'd get System Administrator access - meaning that person could read and write over virtually any part of the computer system, including files in other macOS user accounts.

Click the lock, then enter an administrator name and password.

Users can click the Login Options button, then select the Join network account server option.

Many people have confirmed Ergin's discovery, and if you're running High Sierra, you can check it yourself.

Click "Open Directory Utility" and a new window will open.
