Earlier today, a security bug was discovered in MacOS High Sierra that allows anyone to log in to your computer using the username “root” with no password.
Originally brought forward on Twitter by Lemi Orhan Ergin, the bug works by opening System Preferences and going to Users & Groups. To make changes in this menu normally require a password — you have to click the padlock icon in the lower left corner, which prompts you to enter a username and password. However, thanks to the bug, one can simply enter “root” as the username and leave the password field blank. CNET reached out to Apple for comment, but we have not yet heard back.
It may not work the first time, but trying it additional times will unlock the padlock, giving anyone access to your computer. In our testing, it only took two attempts to unlock the padlock and gain access to an administrator account without a password. After using this root trick in System Preferences, we were then able to log into a locked Mac by choosing Other in the login screen and then entering “root” and no password.
Fortunately, there’s a quick fix for the vulnerability, thanks to iMore: set a password for the root user on your Mac. Here’s how to do it.
- Click the Apple logo in the menu bar and select System Preferences (or search for it in Spotlight).
- Click Users & Groups.
- Click the padlock icon in the lower-left corner.
- Enter the password for your username.
- Click Login Options.
- Click Join or Edit next to Network Account Server.
- Click Open Directory Utility…
- Click the padlock icon in the lower-left corner and enter your password once more.
- In the menu bar, click Edit and select Enable Root User. If root user is already enabled, click Change Root Password…
- Enter a secure password and enter it a second time to verify.
- Click OK to finish.
Once you’ve set a root password, the exploit will no longer work. However, if you disable the root user before Apple issues a patch for High Sierra, it will cause the bug to work again.
