Skip to Content

Password glitch on MacOS gives anyone access to your Mac

We at always advise you to keep your gadgets up to date with the latest software updates for security purposes. However, if you’re a Mac owner, you may want to hold off updating to the latest version of High Sierra, 10.13.1, until this huge security flaw is fixed.

According to a torrent of Twitter posts and videos posted online, a bug in High Sierra allows anyone to gain administrator access to the Users & Groups settings by simply typing “root” as the username with no password to make changes. Oopsie.

9to5 Mac reports that the vulnerability was discovered by developer Lemi Orhan Ergin and he publicly contacted Apple Support to report the flaw.

Ergin wrote, “Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as ‘root’ with empty password after clicking on login button several times. Are you aware of it @Apple?”

In Unix-based systems like macOS, the user account named ”root” is a hidden superuser with elevated read and write privileges to more areas of the system, including files in other macOS user accounts.

The implications of this bug can be disastrous since any user can exploit the flaw and can change user privileges, reset passwords, create accounts and view personal files without having administrator privileges.

Reports are indicating that the flaw doesn’t affect older versions of macOS, including Sierra and El Capitan.

How to protect your Mac

Since the flaw is now public and it allows anyone to modify user accounts, we’re expecting a prompt software fix from Apple.

In the meantime, to protect your Mac against unauthorized access, we recommend disabling Guest Access and changing the Root password on your MacOS High Sierra 10.3.1 machine.

Additionally, since this flaw can only be exploited when a user is logged in, make sure you always lock or sign out of your Mac when it’s not in use.

How to disable Guest Users

  1. Launch System Preferences
  2. Select Users & Groups
  3. Select Guest User
  4. Uncheck Allow guests to log in to this computer

With all these evolving cybercrime schemes floating around, how can we ever hope to protect ourselves effectively? This trio of security firms may just have the answer. Click here to learn more about this new free service that can ultimately protect you from internet threats.

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out