Huge macOS Bug Allows Root Login Without a Password. Here's the Fix

Huge macOS Bug Allows Root Login Without a Password. Here's the Fix

Huge macOS Bug Allows Root Login Without a Password. Here's the Fix

This can be done by navigating to System Preferences, selecting Users and Groups, clicking Login Options on the left side of the menu, clicking the Join button next to Network Account Server, clicking Open Directory Utility, then clicking Edit in the Mac's menu bar to assign a password. Root is a "superuser" account with read and write privileges over the entire system, including other user accounts.

This flaw is significant but the risk to most users is quite low.

Many people have confirmed Ergin's discovery, and if you're running High Sierra, you can check it yourself.

The level of unbridled access this security hole permits - and it abruptly being made public - will nearly certainly prompt Apple to move fast in releasing an update for its Mac operating system.

Today, it was discovered that there's a major security vulnerability in the latest version of macOS, High Sierra.

Apple didn't immediately respond to a request for comment.

Give local for Giving Tuesday
They organize events to let employees volunteer with other people in the startup community to make the world a better place. American charities receive one third of their annual donations during the holiday season.

The exploit can be run in System Preferences.

Let's make this clear: this is a huge mistake on Apple's part, even if there's a relatively simple fix.

Click the lock button, then enter your username and password when prompted. After signing in as a guest, it was possible to change security settings and install apps and software updates from the Mac App Store, just by typing the user name "root".

These steps will create a root account on the computer with no password. Users can prevent an attacker from exploiting a bug by creating a "root" account themselves and giving it a custom password.

Click in the Directory Utility window, then enter an administrator name and password.

Once a password has been set for the "root" account, the flaw that allows a person to login as "root" with no password will no longer work.

Related news