A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.

Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:

  1. Open Spotlight and search for Directory Utility. directory utility spotlight
  2. Double click on the app result to open.
  3. Click on the lock at the bottom of the window to make changes and enter your username and password for an administrator account on your computer. directory utility
  4. In the menu bar at the top of the screen, choose "Edit." macoshighsierrarootbugeditmenu
  5. Select "Enable Root User."

From there, you can enter a password for the root user account, which prevents it from being accessed with a blank password, which is what the current bug allows to happen.

macoshighsierrarootbugpassword
Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.

To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."

Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.

Related Forum: macOS High Sierra

Top Rated Comments

poppy10 Avatar
92 months ago
This is such a fundamental and major security flaw, it's mind-blowing how it managed to get through Apple's QA

A critical vulnerability that allows root access to all macs with a single click. We'd be laughing at Microsoft if this had occurred with Windows
Score: 27 Votes (Like | Disagree)
rpmurray Avatar
92 months ago
Now the new backdoor that Apple added for the government has been blown.
Score: 12 Votes (Like | Disagree)
Sefstah Avatar
92 months ago
Or, you know, don't leave your laptop sitting around unlocked. As more or less 100% of your critical info is under your user account anyway, probably even in the easy to find Documents folder, it's almost useless to spend time (as a theif) monkeying with root accounts. Just yoink what you need directly. Creating a root password (as a theif) presumes future access to the Mac, in which case it's been lifted already, and there are ways to get at your info, anyway, if it's unencrypted, as most Macs are.

Pretty dumb flaw, yes, but you deserve what you get if you leave your unattended, unlocked laptop lying around where people can physically get at it in the first place.
Laptop? How about all the schools and Universities that use iMacs with admin accounts? This is a HUGE flaw and shouldn’t be downplayed.
Score: 9 Votes (Like | Disagree)
KvR Avatar
92 months ago
Much easier (if your comfortable with the terminal) fix:

sudo passwd root

Just set a password on your root account.
Score: 8 Votes (Like | Disagree)
miniyou64 Avatar
92 months ago
Unbelievable. This is not Steve’s Apple.
Score: 5 Votes (Like | Disagree)
Doctor Q Avatar
92 months ago
A faster way to launch Directory Utility is to type "directory utility" in Spotlight, then press return. (This assumes that you have "Applications" enabled in Spotlight's preferences.)

Make sure you choose a secure root password. Leaving root enabled with an easily guessed password defeats the purpose.
Score: 5 Votes (Like | Disagree)

Popular Stories

Generic iOS 18

Apple Seeds Second Release Candidate Versions of iOS 18.2 and More With Genmoji, Image Playground and ChatGPT Integration

Monday December 9, 2024 10:06 am PST by
Apple today seeded the second release candidate versions of upcoming iOS 18.2, iPadOS 18.2, and macOS 15.2 updates to developers and public beta testers for testing purposes, a week after releasing the first RCs. The first iOS 18.2 RC had a build number of 22C150, while the second RC's build number is 22C151. Release candidates represent the final version of beta software that's expected to see a ...
Generic iOS 18

When Is iOS 18.2 Coming Out?

Tuesday December 10, 2024 1:43 am PST by
The next iOS 18.2 update featuring more substantial Apple Intelligence features will be released to the public before the holidays, according to Apple, but we have a more definite timeframe from other sources. In a newsroom article dated October 28 highlighting Apple Intelligence capabilities, Apple states that "new ‌Apple Intelligence‌ features will be available in December." Then in...
iPhone SE 4 Single Camera Thumb 3

iPhone SE 4 Said to Feature 48MP Rear Lens, 12MP TrueDepth Camera

Monday December 9, 2024 4:48 am PST by
Apple's forthcoming iPhone SE 4 will feature a single 48-megapixel rear camera and a 12-megapixel TrueDepth camera on the front, according to details revealed in a new Korean supply chain report. ET News reports that Korea-based LG Innotek is the main supplier of the front and rear camera modules for the more budget-friendly ~$400 device, which is expected to launch in the first quarter of...
iOS 18

Here Are Apple's Full Release Notes for iOS 18.2

Thursday December 5, 2024 11:48 am PST by
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch. The iOS 18.2 release notes provide a look at all of the new features that are coming...
Apple MacBook Pro M4 hero

MacBook Pros With OLED Displays Won't Have a Notch, Roadmap Shows

Monday December 9, 2024 7:36 am PST by
Apple plans to remove the notch from the MacBook Pro in a few years from now, according to a roadmap shared by research firm Omdia. The roadmap shows that 14-inch and 16-inch MacBook Pro models released in 2026 will have a hole-punch camera at the top of the display, instead of a notch. It is unclear if there would simply be a pinhole in the display, or if Apple would expand the iPhone's...
New Things Your iPhone Can Do in iOS 18

20 New Things Your iPhone Can Do in iOS 18.2

Friday December 6, 2024 4:42 am PST by
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
vipps nfc tap to pay iphone

World's First Apple Pay Alternative for iPhone Launches in Norway

Monday December 9, 2024 1:28 am PST by
Norwegian payment service Vipps has become the world's first company to launch a competing tap-to-pay solution to Apple Pay on iPhone, following Apple's agreement with European regulators to open up its NFC technology to third parties. Starting December 9, Vipps users in Norway can make contactless payments in stores using their iPhones. The service initially supports customers of SpareBank...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Thursday November 28, 2024 3:30 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
iPhone 17 Slim Feature

iPhone 17 'Air' Expected to Be ~2mm Thinner Than iPhone 16 Pro

Friday December 6, 2024 4:07 pm PST by
In 2025, Apple is planning to debut a thinner version of the iPhone that will be sold alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. This iPhone 17 "Air" will be about two millimeters thinner than the current iPhone 16 Pro, according to Bloomberg's Mark Gurman. The iPhone 16 Pro is 8.25mm thick, so an iPhone 17 that is 2mm thinner would come in at around 6.25mm. At 6.25mm,...