Major MacOS High Sierra Bug Allows Full Admin Access Without Password (Fix)
Posted by: Timothy Tibbetts on 11/29/2017 06:30 AM [ Comments ]
MacRumors is reporting that a serious bug in macOS High Sierra has been found that enables the root superuser on a Mac with a blank password and no security check.
Of course, us Windows users know this can't be. Just ask any Mac user.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access to the login screen of a locked Mac.
Apple has responded to MacRumors saying:
An Apple spokesperson told MacRumors that a fix is in the works:
"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."
You can find out more about how to replicate this bug at MacRumors.
The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access to the login screen of a locked Mac.
Apple has responded to MacRumors saying:
An Apple spokesperson told MacRumors that a fix is in the works:
"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."
You can find out more about how to replicate this bug at MacRumors.
Comments