Apple MacOS High Sierra Security Vulnerability

By : admin In: Articles, Blog November 29, 2017

A bug that allows anyone a blindingly easy method of breaking that operating system's security protections. Anyone who hits a prompt in Apple MacOS High Sierra asking for a username and password before logging into a machine with multiple users, they can simply type "root" as a username, leave the password field blank, click "unlock", and immediately gain full access.

Exploit for High Sierra root access:

Open “System Preferences” and Choose "Users & Groups" and click on the lock to make changes.

Here enter UserName "root" and press "unlock".

It's done you can change any user information without knowing their credentials.

Patch for High Sierra root access:

Open System Preferences and Choose Users & Groups and Click on the lock to make changes.

Here it will ask for your administrator name and password unlock it and hit on "Login Options".

Now click on "Join" at the bottom of the window and click on the "Open Directory Utility".

Here click on "Directory Utility"

Here at the top of the menu bar, choose "Edit" and click on 'Enable Root User".

Now set a new password in root user.

This whole scenario will add a password on "root" user so no one else can access it without knowing the password.