How to Fix: macOS High Sierra Flaw Allows Admin Access Without Password

Turkish developer Lemi Orhan Ergin has uncovered a major security flaw in macOS High Sierra, which lets anyone get full admin access without a password. Ergin did not report this vulnerability to Apple first, but rather just tweeted it out after discovering it, which means everybody is at risk once word spreads.

We can confirm the bug is present in macOS 10.13.1 and for anyone with a Mac in a public office space, you are urged to fix this by yourself, immediately.

Essentially, the bug allows someone to either login to your Mac or unlock System Preferences by using the user name “root” and a blank password. We tested this bug on our Macbook Pro and yep—we were able to gain access to our machine after clicking “Unlock” after a couple of tries.

You can test this yourself: 

1. Open System Preferences > Users & Groups > click the lock icon in the bottom left corner

2. Enter the user name ‘root’, click on the password field and leave it blank, then click ‘Unlock’. Try this 1-3 times and voila—It will accept and boom, full system access.

Root vulnerability macos high sierra

Here’s a video of the flaw in action:

What makes this flaw so dangerous is people are reporting it also allows for full keychain access and any login where a user name and password is required, even via remote access via OS X screenshare. If you want to protect yourself, physically keep your Mac on lockdown for now, until Apple releases a software update, which we expect will come out in the next 24-48 hours due to the severity of this bug.

The workaround right now according to the Twitterverse, is to set a root user password. Here’s how to do it on your Mac right now…

On your system, launch Finder and navigate to:

System > Library > CoreServices > Applications > Directory Utility

Screenshot 2017 11 28 13 19 56

Screenshot 2017 11 28 13 22 09

Click the lock in the bottom left corner to unlock, then go to Edit (in the menu on your Mac) and ‘Change Root Password’. You’ll be prompted to change the root password, so enter something you’ll remember and click OK:

Screenshot 2017 11 28 13 23 54

Note that disabling the root user does not fix this, as you’ll still be able to bypass it. Changing the root password is the workaround for now.

Let us know how it goes for you, and stay tuned for Apple’s macOS update soon…

Update: An Apple spokesperson told MacRumors the following statement:

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

[via The Register]