A potentially serious bug has been discovered by developer Lemi Orhan Ergin that allows anyone to gain root access to your machine by attempting to log in with the username “root” and leaving the password blank. The vulnerability is easy to replicate, but fortunately there is a simple workaround that protects your Mac until Apple releases a patch.

You can try replicating the issue yourself:

  1. Open System Preferences.
  2. Choose Users & Groups in the lower left corner.
  3. Click the lock icon in the lower left corner.
  4. In the login box, type “root” as the username.
  5. Move the mouse to the Password field, click there, but leave it blank.
  6. Now click Unlock.

This should unlock the preference pane as root, giving you administrator access, including the ability to change the password.

Ergin reported the issue on Twitter, and received a quick reply from Apple Support.

The bug is present in the latest public version of macOS High Sierra, 10.13.1, as well as the macOS 10.13.2 beta. Considering the seriousness of this bug, Apple will undoubtedly release a fix as soon as possible.

Until then, there is a workaround you can enable if you’d like to be sure your Mac is locked down.

To protect yourself, enable the root account and give it a password. Apple’s support document explains how to do so, but we’ve copied the instructions here for convenience.

Enable the Root User

  1. From the Apple menu, select System Preferences, then click Users & Groups.
  2. Click the lock icon in the lower left corner, then enter your admin credentials.
  3. Click Login Options on the left side.
  4. Select “Join”, then choose Open Directory Utility.
  5. Click the lock icon that appears, then enter your administrator credentials.
  6. In the Directory Utility menu bar, click Edit, then Enable Root User, then choose a password for the root user.
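For admins who would rather script the same workaround across many Macs, here is an added shell example; it is not from the article or from Apple’s support document. It assumes that `dscl . -read /Users/root AuthenticationAuthority` prints a `;ShadowHash;` entry when root has a password set and either `No such key` or a `;DisabledUser;` marker when root is disabled, and that `dsenableroot` is the command-line equivalent of Directory Utility’s Enable Root User. The sample `dscl` outputs in the comments are constructed.

```shell
# Added example: check the root account state and apply the
# "enable root with a password" workaround from the command line.
# Assumed macOS behaviour (not stated by the article):
#   - `dscl . -read /Users/root AuthenticationAuthority` prints a
#     ;ShadowHash; entry when root has a password, and "No such key"
#     or a ;DisabledUser; marker when root is disabled.
#   - `dsenableroot` enables root and prompts for the passwords it needs.

# Classify the text that dscl printed: enabled | disabled | unknown.
# Order matters: a disabled account can carry both markers, e.g. the
# constructed line "AuthenticationAuthority: ;DisabledUser;;ShadowHash;...".
root_state_from_dscl() {
  case "$1" in
    *";DisabledUser;"*)                        echo disabled ;;
    *"No such key"*|*"eDSAttributeNotFound"*)  echo disabled ;;
    *";ShadowHash;"*)                          echo enabled ;;
    *)                                         echo unknown ;;
  esac
}

# Live query of the local directory node (only meaningful on macOS).
root_state() {
  out=$(dscl . -read /Users/root AuthenticationAuthority 2>&1)
  root_state_from_dscl "$out"
}

# Apply the workaround: enable root, set a password, then verify.
# dsenableroot prompts interactively, so no password lands in the
# process list or the shell history.
apply_workaround() {
  [ "$(uname -s)" = Darwin ] || { echo "macOS only" >&2; return 1; }
  sudo dsenableroot || return 1
  [ "$(root_state)" = enabled ]
}

# Usage on a Mac:  sh root_check.sh --check   (prints the current state)
if [ "${1:-}" = "--check" ]; then
  root_state
fi
```

One caveat for triage: `enabled` only means a password hash exists for root. It does not tell you whether that password is blank, which is exactly the state the bug leaves behind once someone has tried the empty-password login. On a machine that may already have been touched, set a fresh root password regardless of what the check reports.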

Apple told the press that a fix is in the works.

Have you been able to replicate this bug on your machine? Let us know in the comments.

  • Thomas Gehman

    yup. Did it on the first try. wtf…

  • samitapio

    Someone in the NSA/US Gov needed easy access to one specific Mac 😉

  • triggerhappypunk

    I’ve already got root user enabled, so am I good?

  • Oscar Castillo

    Doesn’t work for me and I don’t have a root user.

  • Joshua The-Legend Wiebe

    This issue is easy to avoid if you don’t enable root. Just like turning off Siri on the lock screen.

    • Drew Diver

      Actually, my High Sierra install auto-enabled root. I disabled, rebooted and it was re-enabled again. It’s best to enable and set a passcode.

      • Joshua The-Legend Wiebe

        I don’t know how you have it auto enabled when I also have High Sierra and root is not enabled.

      • Drew Diver

        Join in on the #security thread on the MacAdmins Slack and take a look at all the other bizarre scenarios people are discovering.

  • Nick Greenway

    Is this issue isolated to only devices running High Sierra? Or does this affect other OSes?

  • LeXXaa

    I’ve already got root user enabled, so am I good?

    • Jostein Liverød

      You may have to change your root password.

  • Timothy

    Well that’s embarrassing.

    • Embarrassing indeed.

  • Mr_Coldharbour

    Same question as Nick Greenway, is this security flaw affecting other OS X systems? Does it affect El Capitan?

  • Wesh

    Doesn’t work on OS X 10.10.4 Yosemite.

  • No problem. Worked first try. BUMMER!