A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.

Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:

  1. Open Spotlight and search for Directory Utility.
  2. Double-click on the app result to open.
  3. Click on the lock at the bottom of the window to make changes and enter your username and password for an administrator account on your computer.
  4. In the menu bar at the top of the screen, choose "Edit."
  5. Select "Enable Root User."

From there, you can enter a password for the root user account. With a password set, the account can no longer be accessed with a blank password, which is what the current bug allows.

Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.

To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."

Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.


Top Rated Comments

poppy10
84 months ago
This is such a fundamental and major security flaw, it's mind-blowing how it managed to get through Apple's QA

A critical vulnerability that allows root access to all Macs with a single click. We'd be laughing at Microsoft if this had occurred with Windows.
Score: 27 Votes
rpmurray
84 months ago
Now the new backdoor that Apple added for the government has been blown.
Score: 12 Votes
Sefstah
84 months ago
Or, you know, don't leave your laptop sitting around unlocked. As more or less 100% of your critical info is under your user account anyway, probably even in the easy to find Documents folder, it's almost useless to spend time (as a thief) monkeying with root accounts. Just yoink what you need directly. Creating a root password (as a thief) presumes future access to the Mac, in which case it's been lifted already, and there are ways to get at your info, anyway, if it's unencrypted, as most Macs are.

Pretty dumb flaw, yes, but you deserve what you get if you leave your unattended, unlocked laptop lying around where people can physically get at it in the first place.
Laptop? How about all the schools and Universities that use iMacs with admin accounts? This is a HUGE flaw and shouldn’t be downplayed.
Score: 9 Votes
KvR
84 months ago
Much easier (if you're comfortable with the terminal) fix:

sudo passwd root

Just set a password on your root account.
Score: 8 Votes
miniyou64
84 months ago
Unbelievable. This is not Steve’s Apple.
Score: 5 Votes
Doctor Q
84 months ago
A faster way to launch Directory Utility is to type "directory utility" in Spotlight, then press return. (This assumes that you have "Applications" enabled in Spotlight's preferences.)

Make sure you choose a secure root password. Leaving root enabled with an easily guessed password defeats the purpose.
Score: 5 Votes
