Apple to fix MacOS High Sierra’s “Huge” security flaw with upcoming software update

By Digit NewsDesk | Published on Nov 29 2017
HIGHLIGHTS

MacOS High Sierra allows anyone to access the root/admin account by simply entering “root” as the admin username and leaving the password field blank. Apple is said to be working on a software update to fix the bug and has advised users to set a custom root account password.


A major security flaw has been discovered in Apple’s MacOS High Sierra operating system, which allows anyone to access the root/admin account on a Mac. MacRumors reported the bug, via a developer named Lemi Ergin, saying that anyone can log into the admin account by entering root as the username and leaving the password field blank. Apple has acknowledged the flaw and said they are working on a software update for fixing the issue. 

The root/admin account grants escalated privileges to a user, with full read and write access to system files. As per the report, the flaw allows admin access on an unlocked Mac and can also be exploited on a locked Mac’s login screen. Users can try it while using their normal or even a guest account by navigating to Users and Groups in System Preferences and clicking on the lock icon. A prompt asking for a username and password will show up, where the user needs to enter ‘root’ as the username and click on the password bar, but leave it blank. Clicking on unlock will then allow using the admin account.

As per Apple’s instructions, a user should set a password for the root account instead of leaving it blank so that it can’t be accessed by anyone else. Apple, in a statement to MacRumors, said, “Setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section." The bug is reportedly present in the current version of macOS High Sierra and its beta which is currently in testing.

To set a root password, users need to follow the same aforementioned process for accessing an admin account and then click on Login Options. After that, users need to click on the Join (or Edit) option next to the Network Account Server and click on the lock icon under Open Directory Utility. A prompt will ask for the user’s administrator name and password, after which one needs to select Enable Root User by clicking on the ‘Edit’ tab on the menu bar and enter a new password for the admin account. Apple says this method will prevent the root account from being accessed using a blank password until they release a patch. As the bug can be exploited using a guest account, MacOS High Sierra users have also been advised to disable guest accounts.
