Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.

The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

To replicate, follow these steps from any kind of Mac account, admin or guest:

1. Open System Preferences
2. Choose Users & Groups
3. Click the lock to make changes
4. Type "root" in the username field
5. Move the mouse to the Password field and click there, but leave it blank
6. Click unlock, and it should allow you full access to add a new administrator account.

You can also use the root trick at the login screen to gain access to a Mac after the feature has been enabled in System Preferences. Click "Other," and then enter "root" again with no password.

This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.

It appears that this bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It's not clear how such a significant bug got past Apple, but it's likely this is something that the company will immediately address.

Until the issue is fixed, you can enable a root account with a password to prevent the bug from working. We have a full how-to with a complete rundown on the steps available here.

Update: An Apple spokesperson told MacRumors that a fix is in the works:

"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."

Update 2: Apple released a security update to address the vulnerability on Wednesday morning. The update can be downloaded on all machines running macOS 10.13.1 using the Software Update mechanism in the Mac App Store. Apple says that later in the day it will automatically push out the update to all users who have not installed it.

In a statement provided to MacRumors, Apple said the company's engineers began working on a fix as soon as the problem was discovered. Apple also apologized for the vulnerability and said its development process is being audited to prevent something similar from happening in the future.

"Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

"When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

"We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again."

All users should download the new security update immediately.
