Surprise, surprise! Security by obscurity fails Apple's MacOS

Reading time icon 1 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

When you live in the countryside you can often leave your door unlocked day and night.  You may feel safe, but you are not really secure.

It seems Apple has been operating under the same principle and today some-one managed to travel to their idyll and test the doors.

Turkish developer Lemi Orhan Ergin has discovered MacOS High Sierra appears to ship without a root password, and logging in with the username root and no password will give you full admin access, to do whatever you want, including changing passwords for other accounts or just about anything else.

Ergin reports it may take clicking the OK button more than once, but the “feature” has worked reliably for many people already.

Apple is yet to comment, but I suspect a quick trip to the locksmith is in order. MacOS users may want to mitigate the issue themselves by assigning a root password in System Preferences –> User Groups on your Mac device.

1) Open Directory Utility
2) Click the lock symbol to make changes, log in as admin
2) Click Edit -> Enable Root User
3) Click Edit -> Change Root Password…
4) Set a password

Via BGR

More about the topics: apple, bug, macOS, security