News 2 min read

macOS High Sierra Bug Grants Admin Access to Your Mac: How to Fix It?

20 minutes Macos High, Macos 10 The vulnerability in macOS High Sierra allows anyone to get full admin access to Apple computers Macos high sierra bug grants admin access to your mac At the moment, anyone can easily get root access to devices that run in macOS High Sierra. Recently, the critical security flaw was […]

Macos high sierra bug grants admin access to your mac
0 Comments
20 minutes Macos High, Macos 10

The vulnerability in macOS High Sierra allows anyone to get full admin access to Apple computers

Macos high sierra bug grants admin access to your mac
Macos high sierra bug grants admin access to your mac

At the moment, anyone can easily get root access to devices that run in macOS High Sierra. Recently, the critical security flaw was detected that allows getting System Administrator access by only clicking login button few times. Thus, anyone who has physical access (or establishes remote access) to your device can use it as administrator.

Software developer Lemi Orhan Ergin detected the bug that allows attackers to access Mac’s desktop, files, folders and even change passwords. If someone would like to remove or change your Apple ID, they would able to do that as well.

Anyone can exploit this vulnerability by entering “root” as the username in the authentication box. Entering a password is not needed. It’s enough to click unlock button two times, and you’re in.

The issue was reported on Twitter on 28th of November. Even thought Ergin was criticised about reporting it publicly instead of the company directly, discussions about the bug were going on in Apple’s developer forums for two weeks. However, the company did not take any action until now.

The security flaw was found in the latest macOS High Sierra, as well as 10.13.1 and the macOS 10.13.2 beta versions of the operating systems.

Apple is working on the bug fix

The company is aware of the issue and is currently working on the solution. As soon as the problem is solved, they will release a software update. However, users should take some precautions now in order to avoid attackers exploiting this security flaw.

Apple advises to enable Root Users and set a strong password. However, if it is already enabled, users have to make sure that a blank password is not set. Otherwise, users have to change the current blank password.

However, if you decide to keep root user disabled, you should also disable Guest User accounts. It will help to prevent attackers from accessing your Mac.

Fix macOS High Sierra bug by enabling Root User account

Security specialists recommend enabling root user account and protecting with a strong password. It’s a temporary solution that gives a layer of protection until Apple releases a bug update.

  1. Open System Preferences.
  2. Go to Users & Groups (or Accounts).
  3. Click on the lock icon to make changes.
  4. Enter administrator name and password in the prompt window.
  5. Click on Login Options in the left panel.
  6. At the end of the window, you should see Join… (or Edit) button near Network Account Server option. Click it.
  7. Click on Open Directory Utility… button.
  8. Click on the lock icon in the Directory Utility.
  9. Type your username and password.
  10. In the top menu bar choose Edit and choose Enable Root User.
  11. Enter the password for the root users and verify it.
  12. Click OK to save the changes.
Did this fix work for you?
Gabriel E. Hall

Written by

Malware Removal Expert
Malware removal Ransomware recovery Browser hijackers Spyware analysis Security tools testing

Gabriel E. Hall is a malware removal expert and cybersecurity researcher with over ten years of hands-on experience analysing threats and writing removal guides. She has documented hundreds of malware families — from browser hijackers and adware to ransomware and rootkits — providing step-by-step cleanup instructions tested against real infections. Gabriel's work combines deep technical analysis with clear, actionable language that readers without a security background can follow. Her guides consistently appear among the most-referenced resources for malware removal on Windows systems.

0 Comments

Be the first to comment

Still worried? Run a free check.

Paste any URL or domain — we'll scan it against 4.2M known threats in 10 seconds.

View full scanner → Add to your website →