How to Fix: macOS High Sierra Flaw Allows Admin Access Without Password

How to Fix: macOS High Sierra Flaw Allows Admin Access Without Password

How to Fix: macOS High Sierra Flaw Allows Admin Access Without Password

In the User Name field, enter root and leave the password field blank.

It's likely that you'd have to be running a certain version of High Sierra to get the same results. That is the full Unix root account, which has superuser privileges that enable it to see and modify any file in any account.

The flaw requires physical access for most people, but could work remotely if the user has Remote Desktop enabled. A spokesperson for Apple was not immediately available for comment. MacOS users may want to mitigate the issue themselves by assigning a root password or disabling the root account in System Preferences - User Groups on your Mac device.

After clicking unlock several times, it should eventually open up, no passwords necessary. If the lock is unlocked, the machine is affected by the security flaw. They can change any users' password, allowing them to log in and access things like email and browser passwords.

Today, it was discovered that there's a major security vulnerability in the latest version of macOS, High Sierra. (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra's login screen here. As a temporary fix, to prevent the bug from working, we suggest you enable a root account with a password. A bug in Apple macOS High Sierra can let anyone gain admin access to a Mac. The good news is that it's simple to patch this hole right now, without waiting for a software update from Apple. This will prompt for a password for the Root user account.

Choose Apple menu System Preferences, then click Users & Groups (or Accounts).

Currently, there is no official fix from Apple regarding the issue.

Click "Open Directory Utility" and a new window will open.

Related news