A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk. Dec 02, 2017  Then, Enter “root” in the username field of a login window; Don’t enter anything into the password field and leave it blank. Then press the enter button several times. After a few tries, Macos High Sierra logs in the uncertified user allowing them access as “superuser” which permits to read and write to system files.

Dec 19, 2017 High Sierra has been out for a while, there have been a few minor updates but not once was there mention of this root hack. The reason is actually quite simple. Apple doesn’t offer a bug bounty for MacOS. You might be confused as you have probably heard about Apple’s bug bounties. However, the only bounties they have are for iOS. A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk. The macOS High Sierra Trust Store contains three categories of certificates: Trusted root certificates are used to establish a chain of trust that's used to verify other certificates signed by the trusted roots, for example to establish a secure connection to a web server.

Every piece of software has security flaws, some major and some minor. What most software doesn’t have are security flaws that might as well be called a disastrous oversight leading to terrible experiences for users, and shameful PR for companies.

Macos Root Account

The ‘bug’ in Apple’s macOS High Sierra is of the latter kind. Security researchers yesterday disclosed a bug in High Sierra that allows anyone to hack into it and gain ‘root’ privileges. But that’s not even the worst part, it’s the ridiculously easy method that makes this ‘bug’ a massive oversight from Apple — a company that, by the way, is known to take security more seriously than anyone else in consumer electronics.

Macos El Capitan

Apparently, anyone who gets a prompt to log-in into a Mac running High Sierra with multiple user accounts can simply enter ‘root’ as the username, leave the password field blank and hit the unlock button twice. That’s it, they’re in. And not just ‘in’ in, they have ‘root’ privileges on the system, making this a train wreck the size of Apple’s brand new spaceship campus. Except in this case, it’s Apple’s lack of attention to detail that made the news.

Macos Sierra

Security researchers have claimed that the bug would’ve been found earlier if Apple had a bug-bounty program for macOS (the company only has one for iOS as of now).
Apple, for its part, has confirmed the issue, and has promised a fix — “We are working on a software update to address this issue”, a company spokesperson said.

Macos Root Access

Meanwhile, users can add a root password to their Macs to protect themselves from this scary, face-palm worthy bug that has managed to creep into macOS. Apple has official instructions on doing just that on their support website.