Skip to content

November 29, 2017

A critical MacOS login vulnerability is revealed; here’s how to fix it

by John_A

Anyone using MacOS High Sierra should be on high alert. A Twitter user revealed a massive security vulnerability which allows anyone to log into your system as an administrator without valid login credentials. All a malicious user has to do is attempt to log in as “root” from the login screen, leave the password field blank, and press enter over and over until the system allows access.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

That means anyone can approach your iMac, MacBook, or Mac Pro and access your computer without anything more than a couple keystrokes and zero technical know-how. Thankfully, there is a quick and easy fix. If you’ve already changed your system’s Root password, you’re safe. If not, however, changing that password should keep you safe until Apple issues an official patch.

If you’re running MacOS High Sierra, take a few minutes out of your day and apply this quick fix. First, we’re going to open up System Preferences, select Login Options, then click Join right beside Network Account Server. This will open up a small dialog box, there you will want to click Open Directory Utility.

From here, mouse up to your Finder bar, and click Edit. From this drop-down menu click Change Root Password. This is the most important part: Pick a strong, unique password that you won’t forget.

That’s it, problem solved — for now. Apple has yet to issue an official patch or set of instructions on how to protect yourself, but the above fix should do it. Just make sure you keep an eye on your Mac until this all gets sorted out.

The whole issue came to light after an industrious Twitter user pinged Apple Support’s official Twitter account for help regarding the vulnerability and from there it caught fire and spread. Twitter users from all over the world were confirming that they could replicate the vulnerability, and access their own computers without using anything more than a four-letter word.

This isn’t just a minor vulnerability either, this isn’t a loophole in some bit of code somewhere that only a security expert could exploit. This is a dead-simple way to break into someone else’s computer, and hopefully, there will be an official fix before long.

Editors’ Recommendations

  • MacOS High Sierra is available today, here’s how to download it
  • A High Sierra bug in the MacOS update could make it easy to steal passwords
  • MacOS High Sierra Review
  • MacOS High Sierra 10.13.1 adds 70 new emojis for more expressive conversations
  • MacOS High Sierra nears September 25 release — here’s what you need to know

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: