macOS gives users full admin rights without password

Posted November 29, 2017

Then, instead of entering a password, you can type in "root" for the username and leave the password field empty.

International Business Times was able to successfully replicate the issue on a MacBook Air and a MacBook Pro, both running version 10.13.1 of macOS High Sierra.

Despite suggestions that the flaw can be mitigated by disabling the computer's guest account, this will not work - it simply restarts the computer with Safari the only application running. There are likely many more ways that someone taking advantage of the issue could wreak havoc on a Mac desktop or laptop.

Apple is yet to comment, but I suspect a quick trip to the locksmith is in order. A root password can be set by navigating to System Preferences, selecting Users and Groups, clicking Login Options on the left side of the menu, clicking the Join button next to Network Account Server, clicking Open Directory Utility, then clicking Edit in the Mac's menu bar to assign a password. The previous version of the operating system didn't appear to be affected by the bug.

The bug was reported by Lemi Orhan Ergin who reached out to Apple over Twitter.

At the login screen, click "Other". Enter root as the username without a password and keep trying until root access is granted. Someone with that access can change any user's password, allowing them to log in and access things like email and browser passwords.

The simple exploit means anybody with physical access to your macOS High Sierra device can log in on your computer, no matter how secure your passwords are.

Currently, there is no official fix from Apple regarding the issue. Users can prevent an attacker from exploiting the bug by creating a "root" account themselves and giving it a custom password.

Go to System Preferences then click Users & Groups (or Accounts).

Click the lock icon in Directory Utility's window and authenticate.