Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Nov 28, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.

    The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

    [​IMG]

    To replicate, follow these steps from any kind of Mac account, admin or guest:

    1. Open System Preferences
    2. Choose Users & Groups
    3. Click the lock to make changes
    4. Type "root" in the username field
    5. Move the mouse to the Password field and click there, but leave it blank
    6. Click unlock, and it should allow you full access to add a new administrator account.

    At the login screen, you can also use the root trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click "Other," and then enter "root" again with no password.

    This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.

    It appears that this bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It's not clear how such a significant bug got past Apple, but it's likely this is something that the company will immediately address.

    Until the issue is fixed, you can enable a root account with a password to prevent the bug from working. We have a full how to with a complete rundown on the steps available here.

    Update: An Apple spokesperson told MacRumors that a fix is in the works:
    Update 2: Apple released a security update to address the vulnerability on Wednesday morning. The update can be downloaded on all machines running macOS 10.3.1 using the Software Update mechanism in the Mac App Store. Apple says it will automatically push out the update to all users who have not installed it later in the day.

    In a statement provided to MacRumors, Apple said the company's engineers began working on a fix as soon as the problem was discovered. Apple also apologized for the vulnerability and said its development process is being audited to prevent something similar from happening in the future.
    All users should download the new security update immediately.

    Article Link: Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]
     
  2. farewelwilliams macrumors 65816

    Joined:
    Jun 18, 2014
    #2
    doesn't work for me. on 10.13.1.

    EDIT
    works after a few tries. weird.
     
  3. Mr. Donahue macrumors 6502

    Mr. Donahue

    Joined:
    Sep 17, 2014
    #3
    PUll it together Craig. You’re embarrassing yourself and Apple with iOS 11 and now this? What a shame.
     
  4. Quu macrumors 68020

    Quu

    Joined:
    Apr 2, 2007
  5. Glideslope Suspended

    Glideslope

    Joined:
    Dec 7, 2007
    Location:
    A quiet place somewhere in NYS.
    #5
    10.13 the gift that just keeps on giving........... :eek:
     
  6. daveak macrumors regular

    Joined:
    Jun 28, 2009
    Location:
    Durham, UK
    #6
    Nope, prompts for admin credentials if I do that, latest beta.
     
  7. lammylamchops, Nov 28, 2017
    Last edited: Nov 28, 2017

    lammylamchops macrumors newbie

    Joined:
    Dec 7, 2016
    #7
    doesn't work for me, either

    Edit: Nevermind, it does work...
     
  8. ibrewster macrumors newbie

    ibrewster

    Joined:
    Jan 17, 2017
    Location:
    Fairbanks, AK
    #8
    Doesn't work for me on 10.13.1, even after a few tries. False alarm? Or some other obscure setting needed as well?
     
  9. GoodWheaties macrumors 6502

    GoodWheaties

    Joined:
    Jul 8, 2015
    Location:
    Colorado
    #9
    So they have to have already had access to the computer? Who else would have enabled it?
     
  10. hamiltonDSi, Nov 28, 2017
    Last edited: Nov 29, 2017

    hamiltonDSi macrumors 68000

    hamiltonDSi

    Joined:
    Jul 29, 2012
    Location:
    Romania
    #10
    10 years ago I started buying Apple products to avoid this kind of bugs.
    Funny how things change :)

    EDIT one day later :

    Apple pushed an update with a fix under 24 hours, this is why i'm still using Apple products :)
     
  11. plun9 macrumors newbie

    Joined:
    Oct 26, 2015
    #11
    Works for me after a few tries. (macOS High Sierra 10.13)
     
  12. arn macrumors god

    arn

    Staff Member

    Joined:
    Apr 9, 2001
    #12
    clarification: you need to select (focus) the password field, but leave it blank
     
  13. Reason077 macrumors 68000

    Reason077

    Joined:
    Aug 14, 2007
  14. jarman92 macrumors regular

    Joined:
    Nov 13, 2014
    #14
    Didn't work for me the first time either, but I was able to replicate it again and again after that. Truly no excuse for this one.

    Awesome job, Apple.
     
  15. asdavis10 macrumors regular

    asdavis10

    Joined:
    Feb 3, 2008
    Location:
    Bermuda
    #15
    The QA department must still be transitioning to Apple Park. I'm sure once everyone is settled in, attention to detail can resume.
     
  16. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #17
    10.13.1 here
    Followed the steps and it didn't unlock for me
     
  17. ryanayr macrumors regular

    ryanayr

    Joined:
    Sep 3, 2016
    Location:
    NW-London, UK
    #18
    This is worrying. Apple need to focus on Mac and stop rushing! What’s happening with Apple?
     
  18. justiny Contributor

    justiny

    Joined:
    Jul 28, 2008
    Location:
    Fairfield, NJ
    #19
    As much as this pisses me off (WTF Apple?!?), I’m glad these security lapses are exposed so they can be patched and corrected.

    I would imagine there will be an update for this by the end of the week at the latest.
     
  19. bradley8795 macrumors member

    Joined:
    Sep 19, 2013
    #20
    Latest beta, tried about 15 times, because the first post said that they were able to get it to happen after a few tries...does NOT work for me. 2017 TB MBP 13" base model.
     
  20. SqB macrumors 6502

    Joined:
    Jan 14, 2008
    Location:
    Northern Colorado
  21. turbineseaplane macrumors 68030

    turbineseaplane

    Joined:
    Mar 19, 2008
    #22
    We need an "Even Higher Sierra" release, and only that, this coming year.

    High Sierra is just stoned enough that she's letting everyone in...
    Maybe if Sierra gets a bit higher, paranoia, and security concerns, might kick in.
     
  22. rpe33 macrumors regular

    Joined:
    Jul 19, 2012
  23. jfischer macrumors regular

    Joined:
    Aug 18, 2014
    #24
    Yep, reproducible all day long on 10.13.1 for me. Worked first time, every time.
     
  24. bbfc macrumors 68030

    bbfc

    Joined:
    Oct 22, 2011
    Location:
    Newcastle, England.
    #25
    Doesn't work for me. Can't replicate. Tried numerous times. Keeps asking for my password.
     

Share This Page