Apple to fix MacOS High Sierra’s “Huge” security flaw with upcoming software update

By Digit NewsDesk | Updated 29 Nov 2017
  • macOS High Sierra allows anyone to access the root/admin account by simply entering “root” as the admin username and leaving the password field blank. Apple is said to be working on a software update to fix the bug and has advised users to set a custom root account password.

A major security flaw has been discovered in Apple’s macOS High Sierra operating system, which allows anyone to access the root/admin account on a Mac. MacRumors reported the bug, via a developer named Lemi Ergin, saying that anyone can log into the admin account by entering root as the username and leaving the password field blank. Apple has acknowledged the flaw and said it is working on a software update to fix the issue.

The root/admin account grants escalated privileges to a user, with full read and write access to system files. As per the report, the flaw allows admin access on an unlocked Mac and can also be exploited on a locked Mac’s login screen. Users can try it while using their normal or even a guest account by navigating to Users and Groups in System Preferences and clicking on the lock icon. A prompt asking for a username and password will show up, where the user needs to enter ‘root’ as the username and click on the password field, but leave it blank. Clicking on Unlock will then allow using the admin account.

As per Apple’s instructions, a user should set a password for the root account instead of leaving it blank so that it can’t be accessed by anyone else. Apple, in a statement to MacRumors, said, “Setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.” The bug is reportedly present in the current version of macOS High Sierra and its beta, which is currently in testing.

To set a root password, users need to follow the same aforementioned process for accessing an admin account and then click on Login Options. After that, users need to click on the Join (or Edit) option next to Network Account Server and click on the lock icon under Open Directory Utility. A prompt will ask for the user’s administrator name and password, after which one needs to select Enable Root User from the ‘Edit’ tab on the menu bar and enter a new password for the admin account. Apple says this method will prevent the root account from being accessed using a blank password until it releases a patch. As the bug can be exploited using a guest account, macOS High Sierra users have also been advised to disable guest accounts.
