
Password glitch on MacOS gives anyone access to your Mac

We always advise you to keep your gadgets up to date with the latest software updates for security purposes. However, if you’re a Mac owner, you may want to hold off updating to the latest version of High Sierra, 10.13.1, until this huge security flaw is fixed.

According to a torrent of Twitter posts and videos posted online, a bug in High Sierra allows anyone to gain administrator access to the Users & Groups settings by simply typing “root” as the username with no password to make changes. Oopsie.

9to5 Mac reports that the vulnerability was discovered by developer Lemi Orhan Ergin and he publicly contacted Apple Support to report the flaw.

Ergin wrote, “Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as ‘root’ with empty password after clicking on login button several times. Are you aware of it @Apple?”

In Unix-based systems like macOS, the user account named “root” is a hidden superuser with elevated read and write privileges to more areas of the system, including files in other macOS user accounts.

The implications of this bug can be disastrous, since any user can exploit the flaw to change user privileges, reset passwords, create accounts and view personal files without having administrator privileges.

Reports are indicating that the flaw doesn’t affect older versions of macOS, including Sierra and El Capitan.

How to protect your Mac

Since the flaw is now public and it allows anyone to modify user accounts, we’re expecting a prompt software fix from Apple.

In the meantime, to protect your Mac against unauthorized access, we recommend disabling Guest Access and changing the Root password on your macOS High Sierra 10.13.1 machine.

Additionally, since this flaw can only be exploited when a user is logged in, make sure you always lock or sign out of your Mac when it’s not in use.

How to disable Guest Users

  1. Launch System Preferences
  2. Select Users & Groups
  3. Select Guest User
  4. Uncheck Allow guests to log in to this computer
