macOS High Sierra bug gives you root access without a password

From time to time every operating system out there is revealed to have a bewildering bug or two. Today macOS has fallen victim to this custom, and as far as bugs go, this is a big one. It also unfortunately creates a huge security issue, so if you have a Mac running macOS High Sierra you should read on, for there’s an easy fix you can apply yourself.

First, the problem. The bug lets you or anyone with access to your computer get root (admin) access without a password. No, really. All you need to do is enter “root” in the username field when you log in, leave the password field blank, and then mash the Return key a few times (or click on the Login button several times). That’s it, you’re then instantly logged in as a ‘superuser’, which means you have read and write privileges on system files, including what’s in other macOS accounts.

Needless to say, this is bad. However, here’s the quick fix you can ensure you apply until Apple patches the bug. What you need to do is set a root password. Launch a Terminal window and type “sudo passwd -u root”, then enter your password, and then enter a new password for the root user. Once you’ve done that, the bug no longer presents itself.

Hopefully Apple has already taken note of this problem and is working tirelessly to fix it as soon as possible.

Source 1 | Source 2 | Via 1 | Via 2