MacOS High Sierra Security Bug Lets Anyone Gain Access To Your Machine

Mac computers with High Sierra have a serious bug that can let anyone gain root access to the system without a password.

On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system’s security protections. Anyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users, they can simply type “root” as a username, leave the password field blank, click “unlock” twice, and immediately gain full access.

With those privileges, the account can be used to modify the rest of the Mac and look up passwords on the keychain access. Even after a reboot, the root account remains.

This is a serious flaw and you should act quickly to defend yourself. As Apple advised, for now, the best workaround is to enable the root account, and keep it enabled with the password of your choice. Here’s how:

Step 1: Go to System Preferences > then click Users & Groups (or Accounts).

Step 2: After you click the lock icon, enter your admin name and password. Click Login Options > then click Join (or Edit).

Step 3: Select Open Directory Utility > click the lock icon in the Directory Utility window > then enter your admin name and password again.

Step 4: When Directory Utility opens in a new window, go to the menu bar and select Edit > Enable Root User, then enter a password for the root user.

 

Advertisements

One thought on “MacOS High Sierra Security Bug Lets Anyone Gain Access To Your Machine

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.