How to Fix: macOS High Sierra Flaw Allows Admin Access Without Password

Share

It's the highest level of access, and the account is normally disabled.

Apple's macOS High Sierra has a fatal security flaw allowing anyone to bypass system security by logging in as "Root" with no password and clicking "unlock" numerous times. As it turns out, it's remarkably easy for someone to gain admin access to the device; you don't even need a password.

Click the lock in the bottom left corner to unlock, then go to Edit (in the menu on your Mac) and "Change Root Password". The vulnerability affects all latest versions of the operating system, but it only seems to affect devices running macOS High Sierra and can't be reproduced on older versions of the OS.

On an up-to-date Mac, users can apparently gain access to change protected settings in certain circumstances by telling the system their username is "root" and providing a blank password.

More news: Google Pixel, Nexus battery app updated to show more accurate estimate
More news: North Korea Defector Regains Consciousness, Footage Shows Getaway Under Fire
More news: Harrison Ford helps rescue woman after crash

Once a password has been set for the "root" account, the flaw that allows a person to login as "root" with no password will no longer work. That said, this isn't good for macOS users and it looks bad for Apple.

Apple wasn't immediately available to comment on the bug, whether it's working on a fix, or how to protect any computers running High Sierra right now.

As it now stands, the bug presents a huge security risk for devices running MacOS High Sierra.

Currently, there is no official fix from Apple regarding the issue. You can do this from the user login screen. Changing the root password is the workaround for now.

Share