Embarrassingly Simple Security Exploit in macOS High Sierra

There's a gigantic flaw in Apple's new macOS High Sierra operating system that allows anyone who has physical access to a Mac to attain administrator access without even entering a password!

The bug is triggered by the authentication dialog box in Apple's OS, which prompts you for an administrator's username and password. This prompt usually happens when you need to install a program or configure privacy settings.

If you type in "root" as the username, leave the password box empty, hit "Enter" and then click Unlock a few times, the prompt will disappear and, voilà, you now have admin rights. This works from the user login screen.

 

How to Protect Your Mac

  • The best way to protect your Mac is by installing the most recent security updates. To do that, open App Store > Updates, select all available security updates and click UPDATE.
  • Additionally, make sure you've set a root password. To do that, go to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility > Edit. Enable the Root User if you haven’t already and then choose Change Root Password.

We recommend that you do this on all of your MacBook devices running High Sierra, especially if there is any sensitive information on them.
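To check from Terminal whether a root password has already been set on a given Mac, the script below classifies the output of `dscl . -read /Users/root Password`. It is an added example, not part of the original article; the function names are hypothetical, and the two output shapes it matches are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example: report whether the local root account has a password set,
# so you know which Macs still need the "set a root password" step above.
#
# Assumption: a root account with no password set (disabled) reports
#   Password: *
# and an enabled account reports a masked value such as
#   Password: ********

# classify_root <output of `dscl . -read /Users/root Password`>
# Prints one of: disabled | enabled | unknown
classify_root() {
    value=$(printf '%s\n' "$1" | sed -n 's/^Password:[[:space:]]*//p' | head -n 1)
    case "$value" in
        '*') echo disabled ;;   # literal asterisk: no root password set
        '')  echo unknown ;;    # attribute missing or unreadable
        *)   echo enabled ;;    # masked value: a password record exists
    esac
}

# advice <state>: map the state to the action from the list above
advice() {
    case "$1" in
        disabled) echo "No root password set: install updates, then set a root password." ;;
        enabled)  echo "Root is enabled: if you did not set its password yourself, change it now." ;;
        *)        echo "Could not read the root account state; check it in Directory Utility." ;;
    esac
}

# Query the directory only where dscl exists (i.e. on macOS).
if command -v dscl >/dev/null 2>&1; then
    out=$(dscl . -read /Users/root Password 2>/dev/null) || out=""
    state=$(classify_root "$out")
    echo "root account: $state"
    advice "$state"
fi
```

An "enabled" result on a Mac where nobody deliberately enabled root is worth investigating, since it means a root password record was created by someone or something else.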