MacOS High Sierra bug allows access to Mac without a password


Apple has frequently marketed itself as providing a superior, more secure operating environment than you find in the PC universe (whether this is actually true or merely reflects Apple's relatively small market share is an argued question).

Click then lock icon in the Directory Utility window, then enter an administrator name and password. In the meantime, impacted users with admin access should type the following command from the terminal: '$ sudo passwd root'. But considering the fast uptake when it comes to Apple's latest operating systems, we're looking at a majority of vulnerable users who may have already jumped onto High Sierra.

Yesterday we wrote about a publicly-disclosed problem in Apple's macOS 10.13, better known as High Sierra.

Even though you couldn't exploit this hole remotely, at least by default, it was an astonishing lapse by Apple. The "root" flaw could be used to gain privileges that could then allow the attacker to gain privileges to exploit the OS in ways that aren't normally possible. It also apparently works if you simply hit the "login" button several times rather than using the keyboard, though a few tries may be necessary.

News of a vulnerability that opens up password-free root access to any Mac device running High Sierra shocked many users and security experts.

More news: Microsoft is building a massive new headquarters that looks nothing like Apple's

One Twitter user called Mike Hanley said: 'This is not the password-less future we all had in mind'. In a communication sent to ComputerWorld, Apple advised the following: "We are working on a software update to address this issue". He has faced criticism for revealing the flaw without first notifying Apple and providing the company with a reasonable amount of time to produce and test a fix, as responsible disclosure guidelines dictate.

If you thought that you needed a password to access a password-protected Mac, think again.

'To enable the Root User and set a password, please follow the instructions here.

Apple issued these instructions on how to disable the root user. The trick gave you system administration access to the computer, allowing you to mess around with other accounts and settings. Click "Login Options" then "Edit".