Major password bug within MacOS High Sierra

November 29, 2017

A bug has been found In the most recent version of the MacOS High Sierra operating system which makes it possible to gain entry to the machine without a password and allows access to administrator rights.

Password bug.jpg


The bug was discovered by a Turkish developer after he realised he could access the system by entering the username 'root', leaving the password field blank and hitting 'enter' several times. 

Those who have root access have more rights than a normal user - enabling them to be able to read and write the files of other accounts on the same machine. They can also delete crucial system files, which could render the computer unusable - or install malware that classic security software would struggle to identify. 

The bug cannot be exploited remotely, meaning for many users the threat only exists if a malicious person has physical access to the machine.

Apple are currently working on a fix and will release it as a security patch as soon as possible, which we highly recommend installing. However in the mean time there is a temporary solution:

Setting a root password prevents unauthorised access to your Mac, to enable the Root User and set a password, please follow the instructions here.

To ensure a blank password is not set for an already enabled Root User, please follow the instructions from the ‘Change the root password’ section.

Ensure your Mac is safe - enable a Root User password. 

How can we help you...

Have any questions? Want to know more about any of our managed IT services or to discuss outsourcing IT... our expert IT consulting team are at hand.

Whether you're a small, medium or large enterprise, with our IT expertise we can tailor our IT services, cloud services and security servicee to accommodate your business needs whilst enabling innovation, reliability and providing peace of mind.

Get In Touch