Results 1 to 2 of 2

Thread: WARNING: Huge Bug Discovered macOS High Sierra

  1. #1
    Join Date
    Jul 2002
    Rep Power

    Default WARNING: Huge Bug Discovered macOS High Sierra

    Huge Bug Discovered macOS High Sierra, Lets Anyone Log In as Root Without Password

    A major bug has been discovered in macOS High Sierra that can allow anyone to log in as root without a password.

    The bug was discovered by Lemi Orhan Ergin‏ who tweeted about it this morning:

    Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

    The bug has been verified and it is a massive security risk. It appears that an attempt to login as root with no password will enable the root user if it's not already enabled and give you access to the device. It appears to work on macOS 10.13, 10.13.1, and 10.13.2 beta.

    To try the bug for yourself:
    ● Open System Preferences
    ● Choose Users & Groups from the System Preferences window
    ● Click the lock at the bottom left of the window
    ● Enter root as the username and hit enter or click Unlock.

    It's believed that the first time you click Unlock the root account is enabled and the second time you click unlock you gain access. However, some users report needing to click a few more times. Others report needing to move the cursor into the password field first.

    There have been reports of the bug working in Apple Script, in Installers, from the login window, from a guest account, via shared services login, and more.

    Team Leader

  2. #2
    Join Date
    Apr 2003
    Rep Power


    It's been fixed tho. Apple released an update for it already. Mac users just need to patch.
    "The best software is the one that fits your needs." - A_A

    Virus free since: date unknown
    Anti-virus free since: August 2008

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts