Published: Wed, November 29, 2017
Research | By Jennifer Evans

How to fix the massive macOS root security bug

How to fix the massive macOS root security bug

If you have a root account enabled and a password for it set, the above blank password trick will not work.

Business Insider was able to replicate the bug on Tuesday.

Open System Preferences and click on the "Users & Groups" menu. After you click the lock icon, enter your admin name and password.

Once the phantom account is created, a user simply needs to enter "root" as a username and, without entering a password, hit enter to unlock. Click on the "Unlock" button.

A demonstration of the security flaw.

This flaw is significant but the risk to most users is quite low. He said the "only silver lining" about the bug is that it requires local access to the system and does not appear to be exploitable remotely. If you want to protect yourself, physically keep your Mac on lockdown for now, until Apple releases a software update, which we expect will come out in the next 24-48 hours due to the severity of this bug.

CNET independently confirmed that you can login on MacOS High Sierra with just the username "root".

It can't be stressed enough: This is a critical security flaw that all Apple laptop and desktop owners shouldn't ignore. We've reached out to Apple for comment and will update it we hear back.

Let's make this clear: this is a huge mistake on Apple's part, even if there's a relatively simple fix. This is a level of access that is well in excess of a normal admin account that is created when adding users on a Mac.

The exploit can be run in System Preferences.

Click the lock icon in Directory Utility's window and authenticate. Then select "Change Root Password..." and choose a strong password, something with many letters and characters that can't be guessed. Click Login Options then click Join (or Edit). This will prompt for a password for the Root user account.

Like this: