Click to Skip Ad
Closing in...
  1. MyQ Smart Garage Door Opener
    11:06 Deals

    Unreal Prime Day deal gets you a MyQ smart garage opener and a $40 Amazon credit for $17

  2. Amazon Dash Smart Shelf
    15:16 Deals

    I’m obsessed with this Amazon gadget you’ve never heard of – and it&#821…

  3. Prime Day Deals 2021
    04:05 Deals

    Amazon Prime Day deals 2021: See hundreds of the best deals right here

  4. Amazon Prime Day Deals 2021
    12:56 Deals

    Amazon just announced a ton of new deals for day 2 of Prime Day

  5. Best Prime Day Deals
    17:36 Deals

    The 15 best Prime Day deals you can still get right now

Critical security flaw lets anyone gain root access to a Mac running macOS High Sierra

November 28th, 2017 at 3:30 PM
MacOS High Sierra login bug

A software developer appears to have found a major security flaw with the latest version of the MacOS High Sierra. Anyone can login to the default root account using the username “root” and no password, giving them access to a superuser with access to all areas of your system — including read and write privileges on other user accounts.

The bug was discovered by Lemi Orhan Ergin, whose Twitter profile shows him as a Turkish software developer. BGR staff tested the bug on several devices running the most recent version of MacOS High Sierra, and were able to log in as the root user easily, with access to all other user accounts.

Apple issued a statement to The Loop saying “We are working on a software update to address this issue.”

It’s difficult to overstate how bad this security flaw is. Root access to a system is the holy grail of control over a device; leaving the root account enabled and with no password is like setting the nuclear launch code as “1234.”

All you need to do to login is go to the login screen, type “root,” leave the password box blank, and try to login. It may take a few attempts, but it seems to work consistently based on BGR‘s testing.

As it currently stands, the bug presents a huge security risk for devices running MacOS High Sierra. The root account for your device is a superuser, with the ability to read and write files all across the system. It’s the highest level of access, and the account is normally disabled. You can enable or disable the root account from System Preferences –> User Groups on your Mac device.

Right now, the best solution for anyone running MacOS High Sierra is to set a password for the root account, which will prevent anyone with access to your computer from being able to login and make changes.

Popular News