NEWS
Apple Flaw Allows MacOS High Sierra Logins Without Passwords
2907
2017-11-29
Posted by 3uTools

The username is the "root" of all problems for Apple's latest operating system.


It turns out you don't need a password to log in to a locked Apple device using MacOS High Sierra -- just the username "root."


By heading to your device's System Preferences, under Users & Groups, you can click on the lock and get hit with a prompt asking for a username and password to change settings. Then, instead of entering a password, you can type in "root" for the username and leave the password field empty.


After clicking unlock several times, it should eventually open up, no passwords necessary. Lemi Orhan Ergin, the founder of Software Craftsmanship Turkey, discovered the security flaw and tweeted it out to Apple Support on Tuesday.


 

Apple Flaw Allows MacOS High Sierra Logins Without Passwords


"We are working on a software update to address this issue," an Apple spokesperson said. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."


The simple exploit means anybody with physical access to your MacOS High Sierra device can log in on your computer, no matter how secure your passwords are.


The bug works for every aspect of the OS that would normally require a password, which means someone could also get access to your Keychain, containing all your passwords.


Kurt Opsahl, the general counsel for the Electronic Frontier Foundation, recommended creating a username "root" and setting a password to solve the blatant issue.


Source: cnet

Related Articles
macOS High Sierra 10.13.2 Beta 4 Now Available Two-factor Authentication Required for iOS 11, macOS High Sierra macOS High Sierra 10.13.2 Now Available After a Month of Testing Apple Releases macOS High Sierra 10.13.1 With New Emoji, WPA2 Security Fix Apple's Had a Shockingly Bad Week of Software Problems macOS High Sierra Gets A Theme Song, Thanks to A Musical Fan Apple Releases macOS High Sierra Beta 3 to Developers Apple's Craig Federighi Confirms APFS Coming to Fusion Drives in a Future macOS High Sierra Update