macOS High Sierra bug allows full admin access without a password

But there's a relatively easy fix.


If you're using Apple's latest macOS High Sierra, you'll want to be wary of giving people access to your computer. Initially tweeted by developer Lemi Orhan Ergin, there's a super-easy exploit that can give anyone gain admin (or root) rights to your Mac. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and File Vault with this method. All you need to do is enter "root" into the username field, leave the password blank, and hit Enter a few times. Needless to say, this is some scary stuff.

Root access allows someone to access your machine as a "superuser" with read and write privileges to many ore system files, including those in other macOS accounts. Luckily, the fix is fairly easy. As developer Colourmeamused tweeted, you need to set a root password:

Engadget has confirmed that this will secure your macOS High Sierra machine, and keep people from gaining root access as above. We've reached out to Apple and will update this post when we hear back.

Update, 5:30 PM ET: Apple provided a statement to Buzzfeed, saying that a software update was forthcoming to address this issue. It also notes how to set a root password to protect your computer in the meantime.