Skip to main content
  1. Home
  2. Computing
  3. News

Anyone can log into your Mac without your password — here’s how to fix it

By

how to download MacOS High Sierra
Image used with permission by copyright holder
Anyone using MacOS High Sierra should be on high alert. A Twitter user revealed a massive security vulnerability which allows anyone to log into your system as an administrator without valid login credentials. All a malicious user has to do is attempt to log in as “root” from the login screen, leave the password field blank, and press enter over and over until the system allows access.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

The scary news is that it’s true, or it was before Apple released a security patch. So all you need to do is open your Mac App Store and check for updates. You should see a security update available, go ahead and download that and you’re all set.  Before it was fixed, the vulnerability meant anyone could approach your iMac, MacBook, or Mac Pro and access your computer without anything more than a couple keystrokes and zero technical know-how.

Recommended Videos

Additionally, it’s never a bad idea to change your system’s root password; leaving it blank was the key to the vulnerability before it was fixed. Here’s a quick tutorial on how to do just that.

Related

Assuming you’re running MacOS High Sierra, we’ll teach you below how to fix the problem.

First, we’re going to open up System Preferences, open Users & Groups, select Login Options, then click the lock on the bottom left side of the window and enter your password. Next, hit Join right beside Network Account Server. This will open up a small dialog box, there you will want to click Open Directory Utility. Now we’re going to click that little lock again, and enter your password.

MacOS High Sierra Vulnerability Fix
Image used with permission by copyright holder

From here, mouse up to your Finder bar, and click Edit. From this drop-down menu click Change Root Password. This is the most important part: Pick a strong, unique password that you won’t forget.

MacOS High Sierra Vulnerability Fix
Image used with permission by copyright holder

That’s it, just an extra layer of security for your Mac, now that Apple has addressed the vulnerability with a security update.

The whole issue came to light after an industrious Twitter user pinged Apple Support’s official Twitter account for help regarding the vulnerability and from there it caught fire and spread. Twitter users from all over the world were confirming that they could replicate the vulnerability, and access their own computers without using anything more than a four-letter word.

Even though it’s fixed, this wasn’t just a minor vulnerability, like a loophole in some bit of code somewhere that only a security expert could exploit. This was a dead-simple way to break into someone else’s computer, so make sure you download and apply that patch from the Mac App Store.

Update: Apple has issued a security patch to address the issue. 

Editors' Recommendations

Topics
Jayce Wagner
Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
Apple quietly backtracks on the MacBook Air’s biggest issue
The MacBook Air on a white table.

The new MacBook Air with M3 chip not only allows you to use it with two external displays, but it has also reportedly addressed a storage problem that plagued the previous M2 model. The laptop now finally has much faster storage performance since Apple has switched back to using two 128GB NAND modules instead of a single 256GB module on the SSD drive.

This was discovered by the YouTuber Max Tech, who tore down the entry-level model of the MacBook Air M3 with 8GB of RAM and 256GB of storage. In his tests, thanks to the two NAND modules, the M3 MacBook Air is nearly double faster than the M2 MacBook Air. Blackmagic Disk Speed tests show that the older M2 model with the problematic NAND chip had a 1584.3 Mb/s write speed, and the newer M3 model had 2108.9 Mb/s for the M3 model, for a 33% difference. In read speeds, it was 1576.4 Mb/s on the old model and 2880.2 Mb/s on the newer model.

Read more
The 6 best ways Macs work with your other Apple devices
A person holds an iPhone in front of a MacBook.

One of the best things about using more than one Apple device is the way they interact with each other. Apple has built all kinds of clever features into its famous ecosystem, and it means your devices all work together in a way that you just don’t get from any other manufacturer.

AirDrop might be the ultimate expression of this, though that's fairly well-known. Here, we’ve picked out six other great ways your Mac works with other Apple products. Most require you to have Bluetooth and Wi-Fi enabled, as well as for you to be using the same Apple ID on all your devices. Check the System Settings app on your devices to make sure the specific features are enabled, although most should be by default.

Read more
I never knew I needed this mini Mac app, but now I can’t live without it
Apple MacBook Pro 16 downward view showing keyboard and speaker.

Switching apps is something I do countless times every day on my Mac, so much so that I don’t ever think anything of it. That is until recently, when I discovered a new app that has me flipping windows in a new (and much-improved) way.

That app is called Quick Tab, and it’s designed to make app switching a little more painless. Now, I’ll admit that I’ve never thought of the traditional Command-Tab key combination as all that painful, but Quick Tab has swiftly shown me what I’ve been missing.

Read more