• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

[NEWS] Serious flaw in MacOS High Sierra gives attacker root access

Not open for further replies.


Admin / Security Staff
Staff member

A serious vulnerability in MacOS High Sierra makes it very easy for an attacker with physical access to a locked Mac to log on as root. Even in some cases, the vulnerability is also remotely exploitable. If the operating system asks for a username and password, it is sufficient to specify "root" as the username and leave the password field blank.

Next, you must click Unlock twice, and the user has administrator rights. The attack allows an attacker to log on to a locked Mac and gives access to the Administrator account on an unlocked Mac. Researcher Patrick Warde argues that vulnerability can also be exploited remotely if specific remote administration tools are enabled. Once an attacker has been logged on as root, FileVault disk could theoretically even be disabled by the attacker "root" user.

The vulnerability was reported on the Apple Developer Forum on 13th of November but was released yesterday in the news after researcher Lemi Orhan Fafar warned. Apple has published a document that explains how the root user can be disabled or how the password can be customized. Changing the root password solves the problem.
Learn how to change the root password, information by Apple: https://support.apple.com/en-us/HT204012
Not open for further replies.