Gain Root Access Without a Password in macOS High Sierra

0

If you have a Mac computer and you are using latest version of Apple operating system, MacOS High Sierra then you have to take a lot of safety measures. Macs have been infected with an endangering risk that allows unauthorized users to get into your computers without any passwords or security checks leaving all your personal data at stake.

This default permits uncertified user to get physical access of your computer, known as “root” without any password.

This vulnerability is similar to one Apple patched last month, which affected encrypted volumes using APFS wherein the password hint section was showing the actual password of the user in the plain text.

Here’s How to Login as Root User Without a Password

If you want to try this exploit, then, all you gotta do is follow these steps from admin or guest account:

  • First, open system preferences on machine.
  • Then, select users and groups.
  • Click the lock icon to make changes.
  • Then, Enter “root” in the username field of a login window
  • Don’t enter anything into the password field and leave it blank. Then press the enter button several times.

After a few tries, Macos High Sierra logs in the uncertified user allowing them access as “superuser” which permits to read and write to system files.

Making use of the MacOS login screen any user can get access to your mac with FileVault trying that root trick.

All they have to do is Click “other” on login screen and enter “root”

Somehow, it is not near to possible to exploit this endangerment when a Mac machine is turned on, and its screen is secured with a password.

Ergin publicly contacted Apple Support to ask about the issue he discovered. Apple is reportedly working on a fix.

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Here’s How to Temporarily Fix the macOS High Sierra Bug

A temporary fix has been discovered. To fix this error you need to enable the root user with a password.

To fix this problem. The steps you need to follow are:

  • Open System Preferences and Select Users & Groups
  • Click on the lock icon and Enter your administrator name and password there
  • Click on “Login Options” and select “Join” at the bottom of the screen
  • Select “Open Directory Utility”
  • Click on the lock icon to make changes and type your username and password there
  • Click “Edit” at the top of the menu bar
  • Select “Enable Root User” and set a password for the root user account

This password won’t let anyone access your Mac with a black password.

To be secure, you need to disable Guests accounts on your Mac. For this, you need to head on to System Preferences → Users & Groups, select Guest User after entering your admin password, and disable “Allow guests to log in to this computer.”