How to Fix: macOS High Sierra Flaw Allows Admin Access Without Password
Turkish developer Lemi Orhan Ergin has uncovered a major security flaw in macOS High Sierra, which lets anyone get full admin access without a password. Ergin did not report this vulnerability to Apple first, but rather just tweeted it out after discovering it, which means everybody is at risk once word spreads.
We can confirm the bug is present in macOS 10.13.1. If you have a Mac in a public office space, you are urged to fix this yourself, immediately.
Essentially, the bug allows someone to either log in to your Mac or unlock System Preferences by using the user name “root” and a blank password. We tested this bug on our MacBook Pro and yep, we were able to gain access to our machine after a couple of tries at clicking “Unlock”.
You can test this yourself:
1. Open System Preferences > Users & Groups > click the lock icon in the bottom left corner
2. Enter the user name ‘root’, click on the password field and leave it blank, then click ‘Unlock’. Try this 1-3 times and voila, it will be accepted and boom, full system access.

Here’s a video of the flaw in action:
pic.twitter.com/4TBh5NetIS
— patrick wardle (@patrickwardle) November 28, 2017
What makes this flaw so dangerous is that people are reporting it also allows full keychain access and works on any login where a user name and password are required, even remotely via OS X screenshare. If you want to protect yourself, keep your Mac physically locked down for now, until Apple releases a software update, which we expect will come out in the next 24-48 hours due to the severity of this bug.
The workaround right now, according to the Twitterverse, is to set a root user password. Here’s how to do it on your Mac right now…
On your system, launch Finder and navigate to:
System > Library > CoreServices > Applications > Directory Utility

Click the lock in the bottom left corner to unlock, then go to Edit (in the menu bar on your Mac) and choose ‘Change Root Password’. You’ll be prompted to change the root password, so enter something you’ll remember and click OK.

Note that disabling the root user does not fix this, as you’ll still be able to bypass it. Changing the root password is the workaround for now.
Let us know how it goes for you, and stay tuned for Apple’s macOS update soon…
Update: An Apple spokesperson gave MacRumors the following statement:
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
[via The Register]
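For anyone checking more than one Mac, the root account's state can also be read from Terminal instead of Directory Utility. The script below is an added example, not part of the original article or Apple's instructions; it assumes `dscl . -read /Users/root` shows `Password: *` for a disabled root and a `;ShadowHash;` AuthenticationAuthority entry for an enabled one, and the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the root account from `dscl . -read /Users/root` text.
# Assumption: a disabled root shows "Password: *"; an enabled root carries a
# ";ShadowHash;" entry in AuthenticationAuthority.

# Constructed sample records (not captured from a real machine).
SAMPLE_DISABLED='RecordName: root
Password: *
UniqueID: 0
UserShell: /bin/sh'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
RecordName: root
Password: ********
UniqueID: 0'

# Read a dscl record on stdin; print disabled, enabled or unknown.
root_state() {
    record=$(cat)
    if printf '%s\n' "$record" | grep -q ';ShadowHash;'; then
        echo enabled
    elif printf '%s\n' "$record" | grep -Eq '^Password: \*$'; then
        echo disabled
    else
        echo unknown
    fi
}

# Map a state to the action the article and Apple's statement recommend.
advice() {
    case "$1" in
        disabled) echo "root disabled: not a fix on its own, set a root password" ;;
        enabled)  echo "root enabled: change the root password so it is not blank" ;;
        *)        echo "unrecognized record: check Directory Utility by hand" ;;
    esac
}

# On a Mac, classify the live record; elsewhere, show the constructed samples.
if command -v dscl >/dev/null 2>&1; then
    advice "$(dscl . -read /Users/root 2>/dev/null | root_state)"
else
    for sample in "$SAMPLE_DISABLED" "$SAMPLE_ENABLED"; do
        advice "$(printf '%s\n' "$sample" | root_state)"
    done
fi
```

An "enabled" result does not show whether the password is blank, which is why the advice in that case is still to change it.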
it did not work for me – i.e. root without password did not unlock for me after 5 tries (MBP 10.13.1)
Unlocked on mine, 2nd try. Yikes! Has a password now.
When I tried it by clicking in the pwd field, but leaving it blank, it unlocked on the 1st try
unlocked mine on 10.13.2 beta 4… I’m downloading beta 5… will report back after installation.
unlocked on beta 5 too…
just noticed update to fix this is available
Update came in tonight