Apple Security

A Serious macOS Bug Allows Effortless Access to Root Account

macOS Root Bug Allows Effortless Access to a Mac

Anyone with a physical or remote access to a Mac computer can easily gain Root access thanks to a newly discovered macOS bug.

I just woke up to the news of a nasty bug in Apple’s macOS High Sierra operating system. It’s the same OS I am currently using on my MacBook Air. It has been a month since I published an article here. But learning about this macOS bug made me write this article.

So, what’s this nasty bug all about? Well, it allows someone with physical access to your Mac to enable the Root user account.

What’s a Root account, you ask? Well, Root is a very privileged user, aka ‘Super User.’ Think of it as the ‘God Mode’ in games. This Root guy has all the power and authority to do anything he wants. He’s so powerful, he is kept locked-up, hidden somewhere in your computer. Most non-tech savvy users might not even know about this Root user residing in their device.

Why? Because Root user is disabled by default. When you set-up your Mac, you create a user account. This first user account is usually an ‘administrator’ account – who can manage things on your computer. So, you don’t really need a Root account to do stuff.

If you want to know more about this Root aka Superuser, go ahead and read about it on Wikipedia. Now, moving onto this newly discovered macOS bug.

macOS High Sierra Root Vulnerability

The newly discovered macOS root vulnerability allows anyone with an access to a Mac computer to log in with a Root account. You don’t even need to know the administrator account password to do this. Once you gain access to a Mac using this Root account, you can do everything you want, literally.

With Root access, you can change passwords of other users, change security and privacy settings, change Time Machine (backup) settings, and possibly anything that requires an admin password to be entered. All you need to do is to enter Root credentials in the username/password window.

What are these credentials, you ask? Well, username is root. And password? Surprise! There’s no password.

Why? Because as I mentioned earlier, the Root account is disabled by default. And there’s no password given to this account. It’s blank.

MacOS System Preference

Now, usually (and ideally), there are a few steps to be followed in order to enable the Root account. But the bug discovered earlier takes away the requirement to enable Root account. The bug is, in fact, what enables the Root account!

Does The macOS Root Bug Affect You?

If your are running macOS High Sierra version 10.13.1, your Mac is vulnerable to this bug. The chances that you are running this version of macOS are high as long as you regularly update your computer. If you just bought a new Mac, you are definitely running this version, unless the store didn’t sell you an updated Mac.

To find out the version, click on Apple logo in the menu bar, and go to About This Mac. You will see the macOS version under Overview.

MacOS Version

The aforementioned macOS version is first requirement. The second requirement is that one need access to the Mac computer. This could be a physical access or a remote one.

In both cases, one must be logged-in to enable a root account. If you left your Mac unattended, anyone could exploit this bug and do all the nasty stuff he wants with your computer and your data.

If you have a habit of locking your computer when leaving your desk, you are partially immune. But if your computer has more than one users, you need to check a few more things.

Do you select your username from a list of users and then enter a password to log-in? Great. If you locked your computer before leaving your desk, no one can exploit this bug from your desk, at least.

Do you have to type your username and password when you log-in to your computer? This doesn’t sound good. Anyone can log-in with a root account using the log-in screen. This type of log-in setup is usual in enterprise environments.

How to Secure Your Mac from This Bug?

First thing to do here is to enable the Root account your self and set a password for it. Here’s how to do it.

  • Go to System Preferences > Users & Groups > Login Options.
  • Click the ‘lock’ icon and enter your password.
  • Click Join under ‘Network Account Server.’
  • Click Open Directory Utility.
  • Click the ‘lock’ icon and enter your password again.
  • Now go to Edit menu and click Change root password.
  • Enter a strong password, enter it again and save.

You have now set a password for Root account. So if anyone wants to log-in as Root, a password is now required.

Second thing to do is to wait for Apple to release an updated version of macOS. As soon as you see an update, install it and you should be fine, hopefully.

macOS High Sierra Root Vulnerability: Summary

A newly discovered vulnerability allows anyone to log-in as the Root user. It affects Mac computers with macOS High Sierra version 10.13.1. The vulnerability is so simple it doesn’t require more than 10 seconds to log-in as Root.

The Root account is disabled and given a black password by default. To secure your Mac from this bug, you should change the Root password using steps mentioned above.

It is confirmed that anyone with physical as well as remote access (using Remote Desktop) can exploit this bug and gain access to a Mac.

Apple has said they are working on fixing this bug and we shall see a macOS update soon. What I disliked about this whole matter, though, is that the bug put in public domain without it being disclosed to Apple first. Most of us wouldn’t have known about it until it was made public. And now that the bug is publicly disclosed without a fix on hand, it looks scarier that it would have.

What do you think about this?

Send and Receive Money via Advanced Cash

About the author

Parvez Shaikh

A blogger by profession, Parvez is passionate about new technology and gadgets. He's pro-encryption and enjoys his privacy. When not blogging, he enjoys reading books and other blogs or planning a never ending vacation.

Leave a Reply