Apple’s newest bug allows you to sign in to any macOS High Sierra account with just the username…

by JonLuca De Caro, November 28th, 2017

The bug, found by Lemi Ergin, was originally posted to Twitter on Tuesday morning. To replicate the bug, navigate to any prompt that requires elevated authentication, replace the username with “root”, and leave the password blank. Then click Unlock repeatedly until it lets you through.

This allows you to sign in to any device running macOS High Sierra as the root superuser, bypassing all security mechanisms that are currently in place.

Entering “root” as the username and leaving the password blank gives you access after a few attempts

A temporary fix is to enable the root superuser with a password, although this is a stopgap measure. Apple is expected to publish a hotfix soon, with a patch for this major security vulnerability.

Additionally, you could change the root password from Terminal with:

sudo passwd -u root