Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

What a joke. MacOS secure.... riiiiiight.... prob wasn't popular enough for hackers to target until recently. False sense of security.
 
Empty root password doesn't work for me, I had to use the real root password. What have I done wrong because I can't make this hack work? I want to be part of the majority and I want my Mac to be hackable. How do I make my Mac hackable?
 
This is going to be a huge issue for institutions. The only way I can think of for deploying a script to set a root password means that a password has to be pushed out in plain text. That seems to be an out of the frying pan/into the fire kind of solution.

BTW, the "root" trick seems to work in the Directory Utility password prompt, as well. It would be interesting to see how many other places are open.
 
The quality control in the more recent annual updates to the OS has been grim. Our business buying cycle has become timed to purchase machines before the next update is out, using the more refined (bug tested) version before for as long as possible. We have no HS computers working except one on test for which I am glad. Apple need to get their act together and stop the endless barrage of notifications to upgrade which cannot be dismissed with a simple click.
 
  • Like
Reactions: heffsf
erann said:
Empty root password doesn't work for me, I had to use the real root password. What have I done wrong because I can't make this hack work? I want to be part of the majority and I want my Mac to be hackable. How do I make my Mac hackable?
Click to expand...
This only works if the root password is blank or off.
[doublepost=1511939655][/doublepost]Also, what issues does this bring for remote access over SSH or VNC?
 
cerote said:
Saw some posts somewhere that said this was the worst lack of security in any OS ever. How about no password admin for windows forever. Boot into safe mode on pretty much anybody's machine and log in as admin and remove the users password and reboot and bam into their account. (People that knew better would give the admin a password but many did not.)
Click to expand...
If someone's got physical access you might as well say they could just unplug the machine and run off with it.
 
This is worse than the worst windows bugs i have seen, and i have seen a lot.
But it tells a story together with all the other recent apple related crap how this company moves downhill in quality terms by focusing seemingly most of their energy on facial features.
 
I just don’t recall ever having had so many issues with apple product software. Since 2003, I’ve had at least 7 computers from them including the first gen MacBook Air. I don’t recall these issues before.

I’ve been a macrumors user since 2004! Longest forum membership I’ve had.
 
  • Like
Reactions: heffsf and WatchFromAfar
Not sure if this has been posted here yet or not, sorry if it has, but apparently this vulnerability was posted as a helpful tip on Apple's own developer forums on November 13th.

https://forums.developer.apple.com/thread/79235

yV5go9J.jpg
 
  • Like
Reactions: Spectrum and WatchFromAfar
I consider it to be remarkable that servere bugs like this still come up, especially if you consider the huge beta programs that actually support the developers.
 
Wow. Totally unacceptable. Also just found out about the old bug (feature?) which lets anyone with access to your mac to not only reset the password but to gain access to your data too. This bug/feature was available for years too! WTF. And here I always thought macs were better than windows atleast when it comes to security of your data. Feel like an ignorant fool today.
 
  • Like
Reactions: Spectrum and George Dawes
erann said:
Empty root password doesn't work for me, I had to use the real root password. What have I done wrong because I can't make this hack work? I want to be part of the majority and I want my Mac to be hackable. How do I make my Mac hackable?
Click to expand...
oh, then just switch on your mac pressing cmd+S and enjoy single user mode with full root access to your data unless you chose full encryption with firevault...
 
  • Like
Reactions: Macneck
asdavis10 said:
The QA department must still be transitioning to Apple Park. I'm sure once everyone is settled in, attention to detail can resume.
Click to expand...
Doubt so. When the first thing you see when looking out of the window is Joni whispering with trees, I'd certainly need root access for some final/fatal action.
 
Last edited:
OMG I can hear those PR mills cracking...
Tim Cook: "This confirms our strategy where millions and millions of beta testers around the world are being involved in an early stage. They share this responsibility with us. Bug-free software does not exist"
 
  • Like
Reactions: George Dawes, arkitect and WatchFromAfar
Worked for me on the second try.

Tried it again. This time around it took about four tries. During the forth time the contextual window would shake but unlock System Preferences > Security & Privacy regardless.

Wow this is really bad.
 
MacRumors said:



There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.

The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

rootbug-800x583.jpg

To replicate, follow these steps from any kind of Mac account, admin or guest:

1. Open System Preferences
2. Choose Users & Groups
3. Click the lock to make changes
4. Type "root" in the username field
5. Move the mouse to the Password field and click there, but leave it blank
6. Click unlock, and it should allow you full access to add a new administrator account.

At the login screen, you can also use the root trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click "Other," and then enter "root" again with no password.

This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.

It appears that this bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It's not clear how such a significant bug got past Apple, but it's likely this is something that the company will immediately address.

Until the issue is fixed, you can enable a root account with a password to prevent the bug from working. We have a full how to with a complete rundown on the steps available here.

Update: An Apple spokesperson told MacRumors that a fix is in the works:

Article Link: Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]
Click to expand...


Another successful scrum-agile project...:rolleyes:
 
Last edited:
  • Like
Reactions: heffsf, naturalstar, theluggage and 1 other person
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back