Published: Wed, November 29, 2017
Sci-tech | By Jackie Newman

MacOS gives users full admin rights without password

MacOS gives users full admin rights without password

Apple's macOS High Sierra has a fatal security flaw allowing anyone to bypass system security by logging in as "Root" with no password and clicking "unlock" numerous times. Enter "root" as the username and leave the password field empty. If you have a root account enabled and a password for it set, the above blank password trick will not work.

The bug affects macOS High Sierra 10.13.1 and 10.13.2 Beta. Then, click the "Join" button beside "Network Account Server" and a new panel will pop up. Click on the lock in the lower left of the menu to make changes. It's likely that you'd have to be running a certain version of High Sierra to get the same results.

Apple wasn't immediately available to comment on the bug, whether it's working on a fix, or how to protect any computers running High Sierra right now.

The vulnerability allows any person to access the administrator's account on an already unlocked Mac. However, there is a workaround that will provide users with some additional security to prevent against unauthorized logins: users can enable a root account that requires a password to gain access.

Tips for buying the best artificial tree
The tradition of hanging a Christmas tree upside down from the ceiling is an old one in Central and Eastern Europe. And, as Chris Nucifora said, it was good to have some advice from people with tree-cutting experience.

As of now, it's unclear how something like this could have slipped past Apple and Apple tends to keep errors like this under wraps and doesn't disclose much about them.

CNET independently confirmed this security flaw exists and reached out to Apple about the issue.

After going through the above steps, the attacker can then log out, and choose the "Other" option that appears on the login screen. Some users have reported triggering the exploit from the login screen, but we could only consistently recreate the issue from System Preferences.

Like this: