High Sierra Bug Provides Full Root Access

Posted November 29, 2017

A user reported the issue earlier today, but initially it wasn't specified which version of macOS High Sierra was affected, which machines, or anything beyond what the problem was.

Publicly posted to Twitter by Turkish software developer Lemi Orhan Ergin, the vulnerability lets anyone using a Mac running macOS 10.13 High Sierra get authenticated into a "System Administrator" account, giving them access to all sorts of private files. All someone needs to do is change "username" to "root", leave the password blank, and press the "unlock" button multiple times.

Discovered by software engineer Lemi Orhan Ergin, the bug allows anyone who has access to your computer to gain full, administrative access in just seconds.

CNET independently confirmed this security flaw exists and reached out to Apple about the issue. The Apple Support Twitter account acknowledged Ergin's tweet highlighting the issue but did not provide any additional comment.

A demonstration of the security flaw.

For now, you can test your Mac by going to System Preferences, choosing Users & Groups, then clicking the lock to make changes.

This is a developing story. Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra's login screen here. (Apple maintains an invite-only bug bounty program.)

You can also use this same flaw to access System Preferences on a computer whose settings you don't have access to.

Enter "root" again with no password. Click "Login Options", then click "Join", which appears next to the text "Network Account Server".

Click in the Directory Utility window, then enter an administrator name and password. Users can prevent an attacker from exploiting the bug by creating a "root" account themselves and giving it a custom password.