Developer Lemi Ergin has discovered a major security flaw in the root account of macOS High Sierra (macOS High Sierra 10.13, macOS High Sierra 10.13.1 and the macOS 10.13.2 beta). The flaw lets you gain root privileges without entering a password or passing any security check.

Latest news

A macOS system update fixes the root administrator privilege vulnerability. Please update quickly!

About the vulnerability

#0x01 Vulnerability introduction and practice

This vulnerability allows anyone to log in with an administrator account. All you have to do is enter the user name root with no password, and you get the Mac's administrator account.

To take advantage of this vulnerability, follow these steps from an administrator or guest account. First, open System Preferences. Then go to Users & Groups and click the lock in the lower left corner. Type root as the user name and leave the password empty. Finally, click Unlock to gain access to a new administrator account.

The practical operation is shown in the figure.

You can also use this method to access the Mac from the login screen. Just go to the login screen, click “Other”, type in root and leave the password blank, and you can do whatever you want!

The solution

#0x02 Plain text tutorial

Enable or disable the root user

  • Choose Apple menu > System Preferences, and then click Users & Groups (or Accounts).
  • Click the lock icon and enter your administrator name and password.
  • Click Login Options.
  • Click Join (or Edit).
  • Click Open Directory Utility.
  • Click the lock icon in the Directory Utility window and enter the administrator name and password.
  • From the Directory Utility menu bar:
    • Choose Edit > Enable Root User and enter the password for the root user.
    • Alternatively, choose Edit > Disable Root User.

Log in as the root user

  • After the root user is enabled, you have root privileges only when you are logged in as the root user.
  • Choose Apple menu > Log Out to log out of your current user account.
  • In the login window, log in using the user name root and the password created for the root user.
  • If the login window displays a list of users, click Other and log in.
  • After the task is complete, disable the root user.

Changing the root password

  • Choose Apple menu > System Preferences, and then click Users & Groups (or Accounts).
  • Click the lock icon and enter your administrator name and password.
  • Click Login Options.
  • Click Join (or Edit).
  • Click Open Directory Utility.
  • Click the lock icon in the Directory Utility window and enter the administrator name and password.
  • From the Directory Utility menu bar, choose Edit > Change Root Password…
  • Enter the root password when prompted.
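The result of the steps above can be checked from Terminal. The following script is an added example, not part of the original article: it classifies the local root account as enabled or disabled from the output of `dscl`. It assumes that a disabled root account shows `Password: *` with no ShadowHash entry under AuthenticationAuthority; the function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the local root account is enabled.
# Assumption: a disabled root account reads "Password: *" and has no
# ShadowHash entry in AuthenticationAuthority; an enabled one has both a
# masked password and a ShadowHash entry.

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='Password: *
No such key: AuthenticationAuthority'
SAMPLE_ENABLED='Password: ********
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# classify_root_state TEXT -> prints enabled, disabled or unknown
classify_root_state() {
    out=$1
    # A stored password hash means the account can be logged in to.
    case $out in
        *ShadowHash*) echo enabled; return 0 ;;
    esac
    # Otherwise decide from the Password attribute alone.
    pw=$(printf '%s\n' "$out" | sed -n 's/^Password:[[:space:]]*//p' | head -n 1)
    if [ "$pw" = "*" ]; then
        echo disabled
    elif [ -z "$pw" ]; then
        echo unknown        # no Password line at all: do not guess
    else
        echo enabled        # any other marker is treated as enabled
    fi
}

# audit_root_account: query the live directory service (macOS only).
# Returns 0 only when root is disabled, 2 when dscl is unavailable.
audit_root_account() {
    if ! command -v dscl >/dev/null 2>&1; then
        echo "dscl not found: run this on the Mac being checked" >&2
        return 2
    fi
    out=$(dscl . -read /Users/root Password AuthenticationAuthority 2>&1) || true
    state=$(classify_root_state "$out")
    echo "root account: $state"
    [ "$state" = disabled ]
}

# On a Mac this reports the live state; elsewhere it only defines the functions.
if command -v dscl >/dev/null 2>&1; then audit_root_account || true; fi
```

A result of `enabled` on a Mac where nobody turned the root user on deliberately is worth investigating; the steps above set a root password or disable the account.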

#0x03 Video tutorial

Click the link

#0x04 Graphic tutorial

Open System Preferences

The Users & Groups page is displayed

Click the lock in the lower left corner to unlock

Click Login Options

Click Join

Click Open Directory Utility

Unlock

Click “Edit” in the menu bar

Set your root password

#0x05 Follow-up

An Apple spokesperson has said they are currently working on a patch to fix the security flaw. If you set a root password, this flaw will not affect you.

#0x06 Summary

I’m going to call this a stupid bug. Is it code written by Ah-3? It is recommended that the Root permission be disabled by default. Common users rarely need such high permissions.
