Developer Lem Ergin has discovered a serious bug in macOS High Sierra that allows anyone log into an admin account using the username “root” with no password. As per reports, it works when anyone attempts to access an administrator’s account on an unlocked Mac. Besides, it also allows access to the login screen of a locked Mac.
Update: Apple has released Security Update 2017-001 to fix the bug that enables access to the root superuser account with a blank password on any Mac running macOS High Sierra 10.13.1.
Apple is already aware of this bug and has issued a temporary solution to the problem.
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac.” – Apple
How to Enable Root User on Your Mac Running macOS High Sierra
Step #1. First off, you need to click on Apple menu at top left of the screen and then select System Preferences.
Step #2. Click on Users and Groups.
Step #3. Next, click on the Lock icon.
Then, you have to enter your admin Password and click on Unlock.
Step #4. Next up, click on Login Options. Then, click on Join or Edit.
Step #5. Click on Open Directory Utility.
Now, you have to click on the Lock icon.
Next, enter your Password again and click on Modify configuration.
Step #6. Click on Edit in the menubar and then click on “Enable Root User.”
Step #7. Finally, you need to enter and confirm your Root User Password. Ensure that password is strong.
You can also use the command line to create your Root User Password quickly.
How to Create Root User Password on Mac using Terminal
Step #1. Launch Terminal. (Simply open Spotlight Search → Type Terminal → Open it)
Step #2. Now, you need to type: sudo passwd -u root
Step #3. Now enter the Mac System password.
Step #4. Now, you need to enter and confirm your Root User Password.
Make sure not to disable the Root User as it will blank the password and let the bug work again.
That’s it!
Wrapping up:
Apple will soon release a permanent fix for this bug. In the meantime, use this solution to shield your Mac.
Have any feedback? Shoot it in the comments below.
You may want to read these posts as well: