Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password [Updated]

Discussion in 'Mac Blog Discussion' started by MacRumors, Nov 28, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.

    Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:
    1. Open Spotlight and search for Directory Utility.
    2. Double click on the app result to open.
    3. Click on the lock at the bottom of the window to make changes and enter your username and password for an administrator account on your computer.
    4. In the menu bar at the top of the screen, choose "Edit."
    5. Select "Enable Root User."
    From there, you can enter a password for the root user account, which prevents it from being accessed with a blank password, which is what the current bug allows to happen.

    Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.

    To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."

    Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.

    Article Link: Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password [Updated]
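
As an added example (not part of the original article or any poster's code), a Terminal check of the root account's state, useful before and after following the steps above. It assumes that a disabled root record shows `Password: *` with no AuthenticationAuthority value and that an enabled one carries a `;ShadowHash;` entry; the two sample outputs are constructed, and the check reports enabled or disabled only, not how strong the password is.

```shell
#!/bin/sh
# Added example: classify the local root account from `dscl` output.
# Assumption: disabled root => "Password: *" and no AuthenticationAuthority;
# enabled root => AuthenticationAuthority contains a ;ShadowHash; entry.

# classify_root_record TEXT -> prints: enabled | disabled | unknown
classify_root_record() {
    record=$1
    if printf '%s\n' "$record" | grep -q ';ShadowHash;'; then
        echo enabled
    elif printf '%s\n' "$record" | grep -Eq '^Password:[[:space:]]*\*$'; then
        echo disabled
    else
        echo unknown
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='No such key: AuthenticationAuthority
Password: *'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
Password: ********'

# read_root_record: query the local directory node (macOS only).
read_root_record() {
    dscl . -read /Users/root AuthenticationAuthority Password 2>&1
}

if command -v dscl >/dev/null 2>&1; then
    state=$(classify_root_record "$(read_root_record)")
    case $state in
        enabled)  echo "root is enabled: confirm it has a strong password (sudo passwd root)" ;;
        disabled) echo "root is disabled: on unpatched High Sierra, set a root password or install Apple's update" ;;
        *)        echo "root state unknown: inspect the dscl output by hand" ;;
    esac
else
    # Not on macOS: show the classifier on the constructed samples instead.
    echo "sample (disabled): $(classify_root_record "$SAMPLE_DISABLED")"
    echo "sample (enabled):  $(classify_root_record "$SAMPLE_ENABLED")"
fi
```

If root shows as enabled on a machine where nobody knowingly enabled it, treat that as a reason to set a new root password and install the security update.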
     
  2. poppy10 macrumors regular

    Joined:
    Sep 25, 2012
    Location:
    UK
    #2
    This is such a fundamental and major security flaw, it's mind-blowing how it managed to get through Apple's QA

    A critical vulnerability that allows root access to all Macs with a single click. We'd be laughing at Microsoft if this had occurred with Windows
     
  3. riverfreak macrumors demi-god

    riverfreak

    Joined:
    Jan 10, 2005
    Location:
    Thonglor, Bangkok
  4. Doctor Q, Nov 28, 2017
    Last edited: Nov 28, 2017

    Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #4
    A faster way to launch Directory Utility is to type "directory utility" in Spotlight, then press return. (This assumes that you have "Applications" enabled in Spotlight's preferences.)

    Make sure you choose a secure root password. Leaving root enabled with an easily guessed password defeats the purpose.
     
  5. vicviper789 macrumors member

    Joined:
    Jun 5, 2013
    #5
    you'd have to be high to install high sierra
     
  6. xSyKoTiKx macrumors newbie

    Joined:
    Nov 28, 2017
    #6

    Except it doesn't work correctly. You can set a password on the root account, and that part works. The part that doesn't work is disabling the account. It will SAY that it's disabled in the menu, but if you just try using it again (with your new password) it will still work, and when you go to look at the Directory Utility's menu setting, it will show the root user is enabled once again. The only thing you can do is put a password on the account and call it a day, until Apple fixes the bug(s).
     
  7. miniyou64 macrumors 6502

    miniyou64

    Joined:
    Jul 8, 2008
  8. KvR macrumors newbie

    Joined:
    Jan 11, 2017
    #8
    Much easier (if you're comfortable with the terminal) fix:

    sudo passwd root


    Just set a password on your root account.
     
  9. Cmd-Z macrumors 6502

    Cmd-Z

    Joined:
    Nov 14, 2014
    Location:
    Coyote, CA
  10. rpmurray macrumors member

    Joined:
    Feb 21, 2017
    Location:
    Back End of Beyond
    #10
    Now the new backdoor that Apple added for the government has been blown.
     
  11. mattyj2001 macrumors newbie

    Joined:
    Oct 29, 2015
    #11
    Or, you know, don't leave your laptop sitting around unlocked. As more or less 100% of your critical info is under your user account anyway, probably even in the easy to find Documents folder, it's almost useless to spend time (as a thief) monkeying with root accounts. Just yoink what you need directly. Creating a root password (as a thief) presumes future access to the Mac, in which case it's been lifted already, and there are ways to get at your info, anyway, if it's unencrypted, as most Macs are.

    Pretty dumb flaw, yes, but you deserve what you get if you leave your unattended, unlocked laptop lying around where people can physically get at it in the first place.
     
  12. shareef777 macrumors 68020

    shareef777

    Joined:
    Jul 26, 2005
    Location:
    Chicago, IL
    #12
    Well, at least I don't have to type in any password to change the ROOT PASSWORD!? SMDH.
     
  13. Dominicanyor macrumors 6502a

    Dominicanyor

    Joined:
    Apr 1, 2012
    Location:
    Florida
    #13
    I have not updated my MacBook Air. I’m still Yosemite!
     
  14. thisisnotmyname macrumors 65816

    thisisnotmyname

    Joined:
    Oct 22, 2014
    Location:
    known but velocity indeterminate
    #14
    I thought this exploit worked on locked systems too though so...
     
  15. plun9 macrumors newbie

    Joined:
    Oct 26, 2015
    #15
    On Windows XP, the default Administrator password was blank.
     
  16. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #16
    Note that these instructions don't tell you to disable the root account. They mention HOW to disable it, if and when you want to, but advise you not to until the bug is fixed.

    If there's a flaw in the procedure to disable the root user, then let's hope Apple fixes that too.
     
  17. SnarkyBear macrumors member

    SnarkyBear

    Joined:
    Apr 24, 2014
    #17
    My iMac is still using El Capitan, just confirmed that this is NOT an issue.
     
  18. findjohnny macrumors newbie

    findjohnny

    Joined:
    Nov 28, 2017
    #18
    This "fix" is not working on my system running High Sierra Version 10.132 Beta (17C83a) - funny thing is after using "root" to login I've noticed that root user is enabled when checking in the Directory Util after - if I disable - try the root bug again - go back in the Directory Util it's enabled again .. ?
     
  19. Sefstah macrumors 6502

    Joined:
    Dec 21, 2015
    #19
    Laptop? How about all the schools and Universities that use iMacs with admin accounts? This is a HUGE flaw and shouldn’t be downplayed.
     
  20. Darmok N Jalad macrumors member

    Darmok N Jalad

    Joined:
    Sep 26, 2017
    Location:
    Tanagra
    #20
    So the lesson should have been learned long ago. XP was a total security mess until about SP2. Before XP, always on broadband wasn’t yet commonplace, so flawed software was less exposed. Today, seemingly everyone is looking for the holes.
     
  21. pallymore macrumors member

    pallymore

    Joined:
    Sep 24, 2013
    Location:
    Boston, MA
    #21
    Yes, it is always the users’ fault.

    I’m pretty sure software/hardware companies only need to test their products the correct way they are supposed to be used.
     
  22. lmjabreu macrumors newbie

    lmjabreu

    Joined:
    Aug 20, 2015
    #22
    You can open Directory Utility from Spotlight, saves a few steps.
     
  23. banfiz, Nov 28, 2017
    Last edited by a moderator: Nov 28, 2017

    banfiz macrumors newbie

    banfiz

    Joined:
    Jan 4, 2017
    Location:
    London, England
    #23
    Open terminal and type dsenableroot
    Enter your admin password and then set a root password and confirm

    So much simpler
     
  24. simonmet, Nov 28, 2017
    Last edited: Nov 28, 2017

    simonmet macrumors 65816

    simonmet

    Joined:
    Sep 9, 2012
    Location:
    Sydney, New South Wales
    #24
    This is an extraordinary level of incompetence. Normally I’d say security bypasses like this are by design but this is such an easy and obvious bypass that it was bound to be discovered fairly quickly.

    What does this say about the state of software development at Apple? I get that mistakes and bugs happen but something this severe and easy to replicate can’t have occurred without multiple people not doing their jobs properly.

    Does Apple have QA anymore?
     
  25. archvile macrumors regular

    archvile

    Joined:
    Oct 27, 2007
    #25
    Can someone confirm if this bug/exploit works on a Mac with touch bar/ Touch ID?
     
