macOS High Sierra bug allows full admin access without a password

But there's a relatively easy fix.

Sponsored Links

Rob LeFebvre
November 28, 2017 4:08 PM

If you're using Apple's latest macOS High Sierra, you'll want to be wary of giving people access to your computer. Initially tweeted by developer Lemi Orhan Ergin, there's a super-easy exploit that can give anyone gain admin (or root) rights to your Mac. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and File Vault with this method. All you need to do is enter "root" into the username field, leave the password blank, and hit Enter a few times. Needless to say, this is some scary stuff.

Root access allows someone to access your machine as a "superuser" with read and write privileges to many ore system files, including those in other macOS accounts. Luckily, the fix is fairly easy. As developer Colourmeamused tweeted, you need to set a root password:

Engadget has confirmed that this will secure your macOS High Sierra machine, and keep people from gaining root access as above. We've reached out to Apple and will update this post when we hear back.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

Update, 5:30 PM ET: Apple provided a statement to Buzzfeed, saying that a software update was forthcoming to address this issue. It also notes how to set a root password to protect your computer in the meantime.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget