MacOS High Sierra bug allows full admin access without a password

Adjust Comment Print

There may be other ways that this vulnerability can be exploited: I'll update this post as more information becomes available.

A critical security flaw in Apple's latest version of macOS grants intruders access to your computer's settings and data without needing a password.

macOS High Sierra includes the Apple File System to make using your Mac faster, Metal 2 with native VR support, updates to Siri including an all-new more human-like voice, autoplay blocking in Safari for ads, and support for external GPUs you may wanna hook up to your machine for heavy workloads or intense games.

Essentially, the bug allows someone to either login to your Mac or unlock System Preferences by using the user name "root" and a blank password. Type "root" with no password, and simply try that several times until the system relents and lets you in.

IBT reached out to Apple for comment regarding the discovery of the security vulnerability but did not receive a response at the time of publication.

Oregon Massage Envy therapists' licenses revoked after sex assault claims
I didn't do that, and that is probably the only regret I'll have in life". "None of them took it seriously", Kendall said. Meanwhile, the latest woman to go public said she felt compelled to do so because the times call for her to do so.

A demonstration of the security flaw. To do this, head to System Preferences Users & Groups, then click the "Login Options" item in the left panel.

This is a developing story.

Enter "root" again with no password. You can do this from the user login screen. However, there is a workaround that will provide users with some additional security to prevent against unauthorized logins: users can enable a root account that requires a password to gain access.

Currently, there is no official fix from Apple regarding the issue. When Directory Utility opens in a new window, go to the menu bar and select Edit Enable Root User, then enter a password for the root user.

You can patch this problem right now by creating a root account manually and giving it a secure password.