Critical Security Flaw Allows Root Access To macOS High Sierra Without Password: Here’s How To Avoid It
There appears to be a critical flaw within macOS High Sierra that allows anyone with physical access to a Mac running the operating system to gain full administrator access, no password required.
The flaw was publicly disclosed via Twitter Tuesday, Nov. 28. It persists on versions up to macOS 10.13.1, which is the current release. When the flaw is exploited, what happens is a user gets authenticated into a "System Administrator Account," allowing them to view files and, worse, change passwords for existing users on the given Mac. What's more, admin access entails the ability to remove or alter Apple IDs. The point is when a user gets this kind of access, they can essentially do all sorts of damage on the system.
Apple has responded to the tweet that first called attention to the bug, encouraging the author and other affected users to personally send a direct message to remedy the problem.
Those who dare to replicate the said security flaw should take note of the following steps:
First, open System Preferences. Then click on Users & Groups. Tick the lock icon to make changes. Input "root" in the username field, and then click on the password field, but don't input anything. Finally, click unlock, and it should then enable full access to add a new administrator account.
The flaw also lets users log into a locked Mac using essentially the same trick. At the login screen, choose Other and input "root" in the username field and then leave the password field blank. This will allow admin access directly from the locked login screen.
How To Avoid macOS High Sierra Security Flaw
It's important to note that this trick only works for Macs running macOS High Sierra and has "Guest User" enabled. Otherwise, the trick fails. Because of this, the easiest way to avoid it is to turn off the Guest User option. To do this, open System Preferences, click on Users & Groups, tick the lock icon, input the appropriate username and password, click on the "Guest User" on the leftmost tab, and then uncheck the box that says "Allow guests to log in to this computer."
Change macOS High Sierra Root Password
Just to be extra safe, users can also change their root password altogether. Open System Preferences, click on Users & Groups, tick the lock icon, input the appropriate username and password, select Login Options, and then select the Join option next to Network Account Server. Then select Open Directory Utility and tick the lock and enter the password to make changes. In the menu bar of the Directory Utility, choose Edit > Change Root Password. Finally, create a strong, unique password.
There is also the option to enable or disable the root user, the steps for which is available on Apple's website.
It remains unclear how such a critical operating system flaw made it past Apple's rigorous testing and security checks, but given its potential severity, it's likely Apple will address this immediately.
However, this isn't the first security flaw associated with the operating system. This past September, reports about a massive macOS High Sierra security risk surfaced, which apparently allowed hackers to steal passwords.