Apple macOS High Sierra Bug Allows Root Admin Access Without a Password [How to Fix]
A major bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check. Apple later apologized for the bug and released a security update.
The bug, discovered by developer Lemi Ergin, lets anyone log into an account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Apple Mac, and it also provides access from the login screen of a locked Mac.
The bug appears to be present in the current version of macOS High Sierra, 10.13.1, and in Apple's macOS 10.13.2 beta that is currently in testing. It's not obvious how such an important bug got past Apple, but it is probably something that Apple will address immediately, as reported by GSM Arena.
At the login screen, the user can use the root trick to gain access to a macOS High Sierra machine after the feature has been enabled in System Preferences. At the login screen, the user clicks "Other" and then enters "root" again with no password.
This allows admin-level access straight from the locked login screen, with the account able to see everything on the computer. Anyone looking to exploit the bug would in most cases first need physical access to the Apple device while an admin is logged in. They would only need access for a few seconds, though, and then might return any time to log in as an admin.
Apple has pushed out a security update to fix this vulnerability. The update can be downloaded on all Apple devices running macOS 10.13.1 using the Software Update mechanism in the Mac App Store. Apple says that later in the day it will automatically roll out the update to all users who have not installed it.
"We are working on a software update to address this issue," Apple said in a statement when reached for comment. "Meanwhile, setting a root password prevents unauthorized access to your Mac." Instructions for doing so can be found on an Apple support page.