There's a major security flaw in macOS that gives anyone admin access

James Marshall
November 29, 2017

It's the highest level of access, and the account is normally disabled. Then, instead of entering a password, you can type in "root" for the username and leave the password field empty.

A massive security hole affecting Mac computers running the latest version of MacOS High Sierra has been discovered. It can also be used at the login screen of a locked Mac to unlock the machine and gain full administrative access.

After clicking unlock several times, it should eventually open up, no passwords necessary.

Effectively, this issue renders any system running macOS High Sierra completely unsecured - as it doesn't just unlock the device, it gives Admin access.

A demonstration of the security flaw.

It's hard to overstate how bad this security flaw is.

As it now stands, the bug presents a huge security risk for devices running MacOS High Sierra. You can enable or disable the root account from System Preferences - User Groups on your Mac device.

A number of users have reported the issue is not active in other versions of MacOS.

Let us know how it goes for you, and stay tuned for Apple's macOS update soon...

Apple didn't immediately respond to a request for comment. Changing the root password is the workaround for now.

Some users are reporting that you can change your root password to fix the issue, but Apple has not issued official guidance yet.

Once a password has been set for the "root" account, the flaw that allows a person to login as "root" with no password will no longer work.

Other reports by Click Lancashire

Discuss This Article