Surely, every operating system has some bugs, some are reported while some go unnoticed by almost everyone. This time around, Apple’s latest operating system MacOS High Sierra has a pretty huge security loophole. Continue reading, if you are using High Sierra for a way to fix this issue.
First, the problem: Anyone can get root access on MacOS High Sierra without even knowing the root password. This will give the person administrative rights and full access to your MacOS.
All the person needs to do in order to get root access is, just type in “root” in the username field and that’s it. You need not type anything in the password field, just leave it blank. Now just smash the login button or press the return key for a few times. You’re then logged in as a ‘superuser’ which gives you access to accounts on the Mac and read, write privileges on system files.
Just to check how the bug actually works, you may click here.
Obviously, this isn’t any good on part of Apple. They have made a note about this bug and a patch is soon on its way.
Till then a quick fix is: set a password for the root user. Launch the terminal and type “sudo passwd -u root”, it may then prompt you to enter your password, enter it (it is not visible) and then set a password for the root user. After doing this, no one other than a person who knows the root password can get access to root privileges.
Earlier this year, there was one more bug that showed the password to anyone in the hint field. While Apple has security enclave, code signing and many other features to ensure tight security in their operating systems but this is a question that everyone is asking, Do these features really help ?