A potentially serious bug has been discovered by developer Lemi Orhan Ergin‏ that allows anyone to gain root access to your machine by attempting to login with the username “root” and leaving the password blank. The vulnerability can easily be replicated, but fortunately, there is a simple workaround to fix the problem on your Mac until Apple releases a patch.

You can try replicating the issue yourself:

  1. Open System Preferences.
  2. Choose Users & Groups in the lower left corner.
  3. Click the lock icon in the lower left corner.
  4. In the login box, type “root” as the username.
  5. Move the mouse to the Password field, click there, but leave it blank.
  6. Now click unlock.

This should now allow you access to the admin account, even the ability to update the password.

Ergin reported the issue on Twitter, and received a quick reply from Apple Support.

The bug is currently in the latest public version of macOS High Sierra, 10.13.1 as well as the macOS 10.13.2 beta. Considering the seriousness of this bug, Apple will undoubtedly release a fix as soon as possible.

Until then, there is a workaround you can enable if you’d like to be sure your Mac is locked down.

To protect yourself, just enable a root account with a password. You can check out Apple’s support document on how to do so, but we’ve copied the instructions here for brevity.

Enable Root user

  1. From the Apple menu (), select System Preferences, then click Users & Groups
  2. Click on the  lock icon in the lower left corner, then input your admin credentials
  3. Click on Login Options on the left side
  4. Then select “Join”, then choose Open Directory Utility
  5. Click the lock icon that appears, and then enter your administrator credentials
  6. In the menu bar of the Directory Utility, click Edit, then Enable Root User, then choose a password for the root user

Apple told the press that a fix is in the works.

Have you been able to replicate this bug on your machine? Let us know in the comments.