News Categories

MacOS High Sierra has a terrible 'root' security bug that lets anyone gain full access to the system

By Ng Chong Seng - on 29 Nov 2017, 10:13am

MacOS High Sierra has a terrible 'root' security bug that lets anyone gain full access to the system

Update, Nov 30, 12:30 AM: Apple has released a security update to fix the flaw. More details here.


First published on Nov 29, 2017 SGT:

Another day, another embarrassing bug from Apple. This time, it’s a serious security flaw in MacOS High Sierra, one that lets anyone gain 'root' access to the machine. First revealed by software developer Lemi Orhan Ergin, anyone can pull this off without sophisticated tools; you just need to know how to click a button.


On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system’s security protections. Anyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users, they can simply type “root” as a username, leave the password field blank, click “unlock” twice, and immediately gain full access.

Apple is already aware of the issue and is working on a fix. Until then, High Sierra users should enable root user and set a password by following Apple’s instructions here. Reminder: don’t disable root user after setting the password, or else the bug will return. You should also turn off screen sharing since that’s another place that uses the login prompt.

(For the uninitiated, a root account gives super-user access to the system, so that its user (usually administrators) can gain access to more areas of the system. On MacOS, this is supposedly disabled by default. So yeah, this bug is very bad.)

Source: Wired.

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.