There is major security flaw discovered in macOS High Sierra that allows macOS High Sierra root access without any password requirement. This macOS High Sierra root bug potentially leaves your personal and business data at risk. Here we are going to talk about this security bug in greater details and will also walk you through step-by-step instruction to fix macOS high sierra root vulnerability.
The security bug in the latest version of Apple’s desktop operating system was first discovered by a developer named Lemi Orhan Ergin. He publicly contacted Apple about his discovery. The vulnerability would allow anyone with physical access to your Mac running macOS High Sierra to tinker with your personal data without requiring an admin username and password.
In case you are not familiar with the term “root,” it basically is an admin user with maximum access to a device. In macOS, root user/account is disabled by default. However, due to the bug in the operating system, the root user is enabled by default and allows anyone to access your Macbook or iMac running High Sierra without a password.
Apple has acknowledged that the security bug does exist and the company is actively working on pushing a fix to the general public. What should a general user do until Apple releases a fix through an update? Fret not, enable root password and set your desired password to prevent someone from unauthorized access to your Mac.
Note: Theis security vulnerability only affects macOS High Sierra devices. Any High Sierra user who has not disabled guest account access or did not change the root password (likely majority) are currently open to the security bug.
If your Mac is running macOS High Sierra then follow the step-by-step instruction below to fix the root bug of macOS High Sierra.
Until Apple releases macOS High Sierra Security update, there are two steps that a Mac user can take to mitigate the situations; disable the guest account: this will it more difficult for an attacker to get inside access and make changes to the Settings. However, this does not get rid of the current root bug that does not depend on a guest account access. Even the users who use a username and password to login to their Mac are vulnerable to this bug.
The second step that stops the security bug altogether is to change system’s root password. Please note that you will have to change root password once again after the Apple releases a fix for it.
How to change root password to fix macOS High Sierra root bug
If you have not enabled the root user (in most cases) then you will have to enable it first and then change the root password. Doing so will fix the root bug found inside the macOS High Sierra. Follow these steps:
- Click on the Apple logo at the top-left corner of the screen and choose System Preferences from the menu.
- Click on Users & Groups from the System Preferences.
- To make changes, you need to click the Lock icon at the bottom left of the Users & Groups window.
- You need to enter administrator username and password and click Unlock button.
- Click on the Login Options at the bottom left side of the window.
- Now click the Join button.
- Click the Open Directory Utility… button.
- Click on the Lock (at bottom-left of the window) to make changes.
- Input your admin username and password followed by a click on the Modify Configuration button.
- Now click Edit from the Menu bar at the top of the screen and choose Enable Root User (if you’ve not already enabled it). If the root user is already enabled, click Change Root Password… from the menu.
- Input a password for macOS root user and click OK.
- Click on the unlock icon to Lock it to prevent further changes.
That’s it! You are now protected from the recent macOS High Sierra bug until Apple releases an official fix for the root bug.