A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.
Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:
From there, you can enter a password for the root user account, which prevents it from being accessed with a blank password, which is what the current bug allows to happen.
Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.
To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."
Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.
Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:
- Open Spotlight and search for Directory Utility.
- Double click on the app result to open.
- Click on the lock at the bottom of the window to make changes and enter your username and password for an administrator account on your computer.
- In the menu bar at the top of the screen, choose "Edit."
- Select "Enable Root User."
From there, you can enter a password for the root user account, which prevents it from being accessed with a blank password, which is what the current bug allows to happen.
Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.
To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."
Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.
82 comments
When tvOS 12 was introduced back in June of 2018, Apple announced a new Zero Sign-on feature, a followup to Single sign-on. Zero Sign-on is designed to let you sign into all TV apps automatically...
AT&T today announced that it has launched its first mobile 5G service in parts of 12 cities across the United States, but 5G connectivity won't be available until Friday, when its 5G device...
The Wall Street Journal has published an in-depth look at Apple's efforts to grow its sales in India, the "world's biggest untapped tech market." With smartphone sales flattening in...
Photos of Apple's rumored Smart Battery Cases for the iPhone XS and iPhone XS Max have been uncovered in a product merchandising guide for Apple Premium Resellers that was obtained by the blog...
Qualcomm on December 10 scored a victory in its ongoing legal battle with Apple after winning an import ban on the iPhone 6s through the iPhone X.
The ban was enacted after a Chinese court said...
Apple this evening shared several new Apple Watch Series 4 tutorial videos on its YouTube channel, walking Apple Watch owners through features that include watch face customization, Walkie-Talkie,...
Apple today released iOS 12.1.2, the fourth update to the iOS 12 operating system since its September launch. iOS 12.1.2 comes just two weeks after the release of iOS 12.1.1, and one week after Apple...
Back in 2014, iPhone user Garrett Wilhelm was using FaceTime on his iPhone 6 Plus while driving, causing him to crash into the back of another vehicle.
The crash resulted in the death of...
