Horrifying macOS Bug Lets Anyone Become Admin With No Password

Share

Apple Inc. customers have discovered a significant security flaw in the latest version of the operating system for Mac computers that allows anyone to log in without a password, potentially making private user data vulnerable.

After clicking unlock several times, it should eventually open up, no passwords necessary.

Disabling the root account in the open directory utility tool does not work, as the root account becomes re-enabled when entered into the user name field on login. This will prompt for a password for the Root user account.

Effectively, this issue renders any system running macOS High Sierra completely unsecured - as it doesn't just unlock the device, it gives Admin access. Then, click the "Join" button beside "Network Account Server" and a new panel will pop up. Changing the root password is the workaround for now.

Click the lock button, then enter your username and password when prompted. You really shouldn't leave your Mac unattended at all until Apple fixes this, and you should shut off guest access for your device.

CNET independently confirmed this security flaw exists and reached out to Apple about the issue.

As it now stands, the bug presents a huge security risk for devices running MacOS High Sierra. Quartz wasn't able to recreate the login bug, but was able to edit who has access to a computer in System Preferences on a Mac running macOS High Sierra 10.13.1. Edward Snowden, a key voice in the information security community after being the center of many years of National Security Agency leaks, commented on the disclosure.

Let us know how it goes for you, and stay tuned for Apple's macOS update soon...

Share