Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in / up

OSes

Pro tip: You can log into macOS High Sierra as root with no password

Apple, this is Windows 95 bad – but there is a workaround to kill the bug

icon Shaun Nichols in San Francisco
Tue 28 Nov 2017 // 20:15 UTC

Updated A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.

The security bug can be triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings.

If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen, too.

The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended, nor allow remote desktop access, until you can fix the problem.

And while obviously this situation is not the end of the world – it's certainly far from a true remote hole or a disk decryption technique – it's just really, really sad to see megabucks Apple drop the ball like this.

Developer Lemi Orhan Ergan alerted the wider world to the flaw via Twitter in the past hour or so. The security hole was also quietly discussed on Apple's developer forums two weeks ago, but virtually no one seemed to notice.

It gets worse. You can use this programming blunder to disable FileVault...

But there is a workaround for now. If you have configured a root password, the above blank password trick will not work. So, set a root password right now using...

sudo passwd -u root

El Reg was able to replay the bug on our office Macs running High Sierra, which was released in September. A spokesperson for Apple was not immediately available for comment. Apparently, it's all due to the operating system accidentally creating a blank root account:

Chalk this up as just the latest embarrassing flaw in Apple's newest flavor of macOS, the OS formerly known as OS X. In October, fans noted that High Sierra would also do things like disclose the password for encrypted drives, and cough up account credentials to untrusted applications.

Earlier builds of the OS also had a habit of ruining the hard drives in iMacs, and rendering kernel-level security protections effectively useless, thanks to buggy code implementations.

Let's hope Apple engineers can do a bit better with next year's release, or we may all be left hoping for that iOS to Mac conversion sooner than later. We'll update this article as and when new information arrives. The latest High Sierra beta release is not affected, apparently. ®

Updated to add

Apple has just now published this handy guide to enabling the root account and setting a non-blank password for it, which defeats the above exploit.

And to reiterate, watch out if you have remote desktop access switched on for your Mac – VNC, RDP, screen sharing and similar can be used to gain admin rights on your computer via this vulnerability. So set a root password for now, and don't forget it.

Apple is working on a software patch to correct the issue – which is good news because the bug can be triggered via the command line and not just the interactive GUI. This means malware and naughty apps can now automatically and silently grab root privileges on High Sierra Macs, allowing them to cause real damage.

Similar topics

×

Similar topics

Narrower topics

Broader topics

Similar topics

COMMENTS

Similar topics

×

Similar topics

Narrower topics

Broader topics

TIP US OFF

Send us news

Other stories you might like