The bug, found by Lemi Ergin, was originally posted to twitter on Tuesday morning. To replicate the bug, simply navigate to any prompt that requires elevated authentication, and replace the username with “root”, while leaving the password blank. Then repeatedly click unlock until it lets you through. This allows you to sign in to any device running High Sierra as the root superuser, bypassing all mechanisms that are currently in place. macOS security Entering “root” as the username and leaving the password blank gives you access after a few attempts A temporary fix is to , although this is a stop gap measure. Apple is expected to publish a hotfix soon, with a patch for this major security vulnerability. enable the root superuser with a password Additionally, you could change the root password from terminal with sudo passwd -u root

Apple

Twitter

Too Long; Didn't Read

Get free API security automated scan in minutes

Apple’s newest bug allows you to sign in to any macOS High Sierra account with just the username…

Too Long; Didn't Read

Companies Mentioned

@jonluca

RELATED STORIES