Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password [Updated]

Discussion in 'Mac Blog Discussion' started by MacRumors, Nov 28, 2017.

  1. MacRumors macrumors bot


    Apr 12, 2001

    A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.

    Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:
    1. Open Spotlight and search for Directory Utility.
    2. Double click on the app result to open.
    3. Click on the lock at the bottom of the window to make changes and enter your username and password for an administrator account on your computer.
    4. In the menu bar at the top of the screen, choose "Edit."
    5. Select "Enable Root User."
    From there, you can enter a password for the root user account, which prevents it from being accessed with a blank password, which is what the current bug allows to happen.


    Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.

    To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."

    Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.

    Article Link: Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password [Updated]
  2. poppy10 macrumors regular

    Sep 25, 2012
    This is such a fundamental and major security flaw, it's mind-blowing how it managed to get through Apple's QA

    A critical vulnerability that allows root access to all macs with a single click. We'd be laughing at Microsoft if this had occurred with Windows
  3. riverfreak macrumors demi-god


    Jan 10, 2005
    Thonglor, Bangkok
  4. Doctor Q, Nov 28, 2017
    Last edited: Nov 28, 2017

    Doctor Q Administrator

    Doctor Q

    Staff Member

    Sep 19, 2002
    Los Angeles
    A faster way to launch Directory Utility is to type "directory utility" in Spotlight, then press return. (This assumes that you have "Applications" enabled in Spotlight's preferences.)

    Make sure you choose a secure root password. Leaving root enabled with an easily guessed password defeats the purpose.
  5. vicviper789 macrumors member

    Jun 5, 2013
    you'd have to be high to install high sierra
  6. xSyKoTiKx macrumors newbie

    Nov 28, 2017

    Except it doesn't work correctly. You can set a password on the root account, and that part works. The part that doesn't work is disabling the account. It will SAY that it's disabled in the menu, but if you just try using it again (with your new password) it will still work, and when you go to look at the Directory Utility's menu setting, it will show the root user is enabled once again. The only thing you can do is put a password on the account and call it a day, until Apple fixes the bug(s).
  7. miniyou64 macrumors 6502


    Jul 8, 2008
  8. KvR macrumors newbie

    Jan 11, 2017
    Much easier (if your comfortable with the terminal) fix:

    sudo passwd root

    Just set a password on your root account.
  9. Cmd-Z macrumors 6502


    Nov 14, 2014
    Coyote, CA
  10. rpmurray macrumors member

    Feb 21, 2017
    Back End of Beyond
    Now the new backdoor that Apple added for the government has been blown.
  11. mattyj2001 macrumors newbie

    Oct 29, 2015
    Or, you know, don't leave your laptop sitting around unlocked. As more or less 100% of your critical info is under your user account anyway, probably even in the easy to find Documents folder, it's almost useless to spend time (as a theif) monkeying with root accounts. Just yoink what you need directly. Creating a root password (as a theif) presumes future access to the Mac, in which case it's been lifted already, and there are ways to get at your info, anyway, if it's unencrypted, as most Macs are.

    Pretty dumb flaw, yes, but you deserve what you get if you leave your unattended, unlocked laptop lying around where people can physically get at it in the first place.
  12. shareef777 macrumors 68020


    Jul 26, 2005
    Chicago, IL
    Well, at least I don't have to type in any password to change the ROOT PASSWORD!? SMDH.
  13. Dominicanyor macrumors 6502a


    Apr 1, 2012
    I have not updated my MacBook Air. I’m still Yosemite!
  14. thisisnotmyname macrumors 68000


    Oct 22, 2014
    known but velocity indeterminate
    I thought this exploit worked on locked systems too though so...
  15. plun9 macrumors newbie

    Oct 26, 2015
    On Windows XP, the default Administrator password was blank.
  16. Doctor Q Administrator

    Doctor Q

    Staff Member

    Sep 19, 2002
    Los Angeles
    Note that these instructions don't tell you to disable the root account. They mention HOW to disable it, if and when you want to, but advise you not to until the bug is fixed.

    If there's a flaw in the procedure to disable the root user, then let's hope Apple fixes that too.
  17. SnarkyBear macrumors member


    Apr 24, 2014
    My iMac is still using El Capitan, just confirmed that this is NOT an issue.
  18. findjohnny macrumors newbie


    Nov 28, 2017
    This "fix" is not working on my system running High Sierra Version 10.132 Beta (17C83a) - funny thing is after using "root" to login I've noticed that root user is enabled when checking in the Directory Util after - if I disable - try the root bug again - go back in the Directory Util it's enabled again .. ?
  19. Sefstah macrumors 6502

    Dec 21, 2015
    Laptop? How about all the schools and Universities that use iMacs with admin accounts? This is a HUGE flaw and shouldn’t be downplayed.
  20. Darmok N Jalad macrumors 6502a

    Darmok N Jalad

    Sep 26, 2017
    So the lesson should have been learned long ago. XP was a total security mess until about SP2. Before XP, always on broadband wasn’t yet commonplace, so flawed software was less exposed. Today, seemingly everyone is looking for the holes.
  21. pallymore macrumors member


    Sep 24, 2013
    Boston, MA
    Yes, it is always the users’ fault.

    I’m pretty sure software/hardware companies only need to test their products the correct way they are supposed to be used.
  22. lmjabreu macrumors newbie


    Aug 20, 2015
    You can open Directory Utility from Spotlight, saves a few steps.
  23. banfiz, Nov 28, 2017
    Last edited by a moderator: Nov 28, 2017

    banfiz macrumors newbie


    Jan 4, 2017
    London, England
    Open terminal and type dsenableroot
    Enter you admin password and the set a root password and confirm

    So much simpler
  24. simonmet, Nov 28, 2017
    Last edited: Nov 28, 2017

    simonmet macrumors 68000


    Sep 9, 2012
    Sydney, New South Wales, Australia
    This is an extraordinary level of incompetence. Normally I’d say security bypasses like this are by design but this is such an easy and obvious bypass that it was bound to be discovered fairly quickly.

    What does this say about the state of software development at Apple? I get that mistakes and bugs happen but something this severe and easy to replicate can’t have occurred without multiple people not doing their jobs properly.

    Does Apple have QA anymore?
  25. archvile macrumors regular


    Oct 27, 2007
    Can someone confirm if this bug/exploit works on a Mac with touch bar/ Touch ID?

Share This Page