Security hole on – MacOS High Sierra. Login as Root – No password needed!

Sounds unbelievable but it is true.  Use the username “root” and hit enter in the password field (i.e. no password) and you have full local admin access! So until it is fixed you physical security will be critical. Maybe a good idea not to travel with the mac. The Apple ecosystem is supposed to be one of the most secure but.. Even Android would (probably) not be that relaxed.

I upgraded to MacOS High Sierra at the weekend and tried out the “bug” today. It has been reported widely.  Not only does it work on the System Preferences panel.










But it works from the login page. Select “Other User”, type in Root as the username, hit enter in the password field (may need to do this a few times) and .. you are in!

Speak Your Mind