ALERT: Anyone Can Access Your Mac As Root With No Password — Here’s How To Fix

If you’re currently working on a macOS-powered machine, there is a good chance that you are running the latest macOS High Sierra operating system. In what could be one of the most recent and biggest flaws in macOS security, a bug allows anyone to gain complete control over your computer without any password.

This bug was spotted by software engineer Lemi Orhan Ergin. He was able to bypass the security by putting the word “root” in the username field in a login window and hitting the enter button with the password field empty. He was able to log into the operating system with root privileges after a few tries.

This way, anyone can log in to a computer just after a reboot. After hitting the enter button a few times, you’re instantly logged in as a superuser, getting read/write privileges on system files.

It’s also worth noting that this flaw was discussed on Apple Support Forum a couple of weeks ago, according to The Register, but nobody noticed its gravity.

By getting this kind of unfettered access, a mischievous person can cause damage to your machine by installing malware, stealing data, making changes to essential system files, etc. So, you are advised not to leave your Mac unattended until you fix this problem.

How to fix “login as root with no password” flaw in macOS?

While this bug is really embarrassing for Apple and shows a lack of testing by the engineering team, the flaw can be fixed in a few simple steps until Apple releases an official patch. You can do so by setting a root password. To do so, launch a Terminal window, type “sudo su” and authenticate with your own password to become root. Now type “passwd” and follow the instructions to change the password. That’s all.
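
To check afterwards that the root account now carries a password, the following added example (not part of the original article) classifies the output of `dscl . -read /Users/root Password AuthenticationAuthority`. It assumes that a root account with no password reads `Password: *` with no ShadowHash entry; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Assumption: a root account that has
# never been given a password reads "Password: *" and has no ShadowHash
# entry; once a password is stored, AuthenticationAuthority lists ShadowHash.

# Constructed sample outputs (not captured from a real machine).
SAMPLE_NO_PASSWORD='No such key: AuthenticationAuthority
Password: *'
SAMPLE_PASSWORD_SET='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
Password: ********'

# classify_root: read dscl output on stdin, print no-password, has-password
# or unknown.
classify_root() {
    pw="" shadow=no
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "Password: "*) pw=${line#Password: } ;;
            *ShadowHash*)  shadow=yes ;;
        esac
    done
    if [ "$shadow" = yes ]; then
        echo has-password
    elif [ "$pw" = "*" ]; then
        echo no-password
    else
        echo unknown
    fi
}

# report: turn the classification into advice tied to the article's fix.
report() {
    case "$(classify_root)" in
        no-password)  echo "root has no password: run passwd as root" ;;
        has-password) echo "root has a stored password hash; if you did not set it, change it with passwd" ;;
        *)            echo "unrecognised dscl output: inspect manually" ;;
    esac
}

# On a Mac, check the live account; elsewhere, show the constructed samples.
if command -v dscl >/dev/null 2>&1; then
    dscl . -read /Users/root Password AuthenticationAuthority 2>&1 | report
else
    printf '%s\n' "$SAMPLE_NO_PASSWORD" | report
    printf '%s\n' "$SAMPLE_PASSWORD_SET" | report
fi
```

A stored hash only shows that some password exists, so a `has-password` result on a machine where you never set one is a reason to run `passwd` again.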

We hope that Apple is working to fix the issue as soon as possible and release an official patch.

What are your views on this macOS blunder? Share your opinions with other readers and us.

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security.
