A major macOS High Sierra bug allows anyone to enables the root superuser on a Mac using a blank password. The bug, discovered by developer Lemi Ergin, allows anyone to log into an administrator account by using “root” as the username and a blank password.
The bug allows access to an administrator’s account on an unlocked Mac, and also allows access at the login screen of a locked Mac.
To attempt to replicate the issue, follow the steps listed below from any kind of Mac account:
- Open System Preferences
- Click on “Users & Groups”
- Click the lock in the lower left-hand corner of the window to make changes
- Enter “root” in the username field
- Click the mouse cursor in the Password field, but leave the field blank
- Click the “Unlock” button. You should now have full access to add a new administrator account.
The root trick can also be used at the login screen to access a Mac after the feature has bene enabled in System Preferences by using the above steps. At the login scree, just click “Other,” and then enter “root” again, with a blank password. You’ll have admin-level access, and will be able to see everything on the computer.
An Apple spokesman told MacRumors that the company is working on a fix:
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Here are the instructions from the above link:
Enable or disable the root user
- Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
- Click , then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility:
- Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
- Or choose Edit > Disable Root User.
Log in as the root user
When the root user is enabled, you have the privileges of the root user only while logged in as the root user.
- Choose Apple menu > Log Out to log out of your current user account.
- At the login window, log in with the user name ”root” and the password you created for the root user.
If the login window is a list of users, click Other, then log in.
Remember to disable the root user after completing your task.
Change the root password
- Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
- Click , then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility, choose Edit > Change Root Password…
- Enter a root password when prompted.
