Apple's macOS High Sierra has a serious bug that allows anyone to log in just by putting “root” in the user name field.
Needless to say, the hack is quite easy to pull off. It can be triggered through the Mac's System Preferences application when "Users & Groups" is selected and the lock icon on the window is clicked. After that, a new login window will appear. Anyone who types "root" as the username, leaves the password field empty, and clicks unlock (once or twice) is on their way to a new account that has system admin privileges on the computer.
Root access allows someone to access your machine as a "superuser" with read and write privileges to many more system files, including those in other macOS accounts. The bug appears to have been first noticed by Lemi Orhan Ergin, founder of Software Craftsman Turkey, who noted it publicly on Twitter.
Don't fret just yet. There's a fix for it. As developer Colourmeamused tweeted, you need to set a root password:
Everyone with a Mac needs to set a root password NOW.
As a user with admin access, type the following command from the Terminal.
sudo passwd -u root
Enter your password then a new password for the root user.
Anyone got a better fix? @SwiftOnSecurity @rotophonic @pwnallthethings
— colourmeamused (@colourmeamused_) November 28, 2017
Apple acknowledged the issue and said it's working on it: "We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section."