Skip to main content
  1. Home
  2. Computing
  3. Apple
  4. News

Anyone can log into your Mac without your password — here’s how to fix it

Add as a preferred source on Google

Anyone using MacOS High Sierra should be on high alert. A Twitter user revealed a massive security vulnerability which allows anyone to log into your system as an administrator without valid login credentials. All a malicious user has to do is attempt to log in as “root” from the login screen, leave the password field blank, and press enter over and over until the system allows access.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

The scary news is that it’s true, or it was before Apple released a security patch. So all you need to do is open your Mac App Store and check for updates. You should see a security update available, go ahead and download that and you’re all set.  Before it was fixed, the vulnerability meant anyone could approach your iMac, MacBook, or Mac Pro and access your computer without anything more than a couple keystrokes and zero technical know-how.

Recommended Videos

Additionally, it’s never a bad idea to change your system’s root password; leaving it blank was the key to the vulnerability before it was fixed. Here’s a quick tutorial on how to do just that.

Assuming you’re running MacOS High Sierra, we’ll teach you below how to fix the problem.

First, we’re going to open up System Preferences, open Users & Groups, select Login Options, then click the lock on the bottom left side of the window and enter your password. Next, hit Join right beside Network Account Server. This will open up a small dialog box, there you will want to click Open Directory Utility. Now we’re going to click that little lock again, and enter your password.

MacOS High Sierra Vulnerability Fix
Image used with permission by copyright holder

From here, mouse up to your Finder bar, and click Edit. From this drop-down menu click Change Root Password. This is the most important part: Pick a strong, unique password that you won’t forget.

MacOS High Sierra Vulnerability Fix
Image used with permission by copyright holder

That’s it, just an extra layer of security for your Mac, now that Apple has addressed the vulnerability with a security update.

The whole issue came to light after an industrious Twitter user pinged Apple Support’s official Twitter account for help regarding the vulnerability and from there it caught fire and spread. Twitter users from all over the world were confirming that they could replicate the vulnerability, and access their own computers without using anything more than a four-letter word.

Even though it’s fixed, this wasn’t just a minor vulnerability, like a loophole in some bit of code somewhere that only a security expert could exploit. This was a dead-simple way to break into someone else’s computer, so make sure you download and apply that patch from the Mac App Store.

Update: Apple has issued a security patch to address the issue. 

Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
ASUS Zenbook Duo UX8407AA review: Two screens finally earned their place in my bag
Two machines are definitely better than one, but on the same laptop? Asus nailed it, but you must be willing to pay for the convenience.
ASUS Zenbook Duo has two displays

See at Amazon

Two displays on a laptop once sounded like an elaborate solution waiting for the right problem. ASUS has spent the past few generations steadily proving otherwise. After using the latest Zenbook Duo (2026) UX8407AA for over two weeks, I started arranging my daily routine around that second display. 

Read more
How Claude helped my 65-year-old dad finally ditch his handwritten ledgers
AI has a lot to answer for, but this one small win is hard to argue with, at least for me.
Claude app on iPhone

My dad has owned a small business for as long as I can remember, and for just as long, he's kept his books the old-fashioned way. Every sale gets written down by hand so he can file his taxes later. The problem is that his accountant needs this data in Excel, and my dad, who didn’t grow up around computers, has never learned how to use it.

For years, his workaround was paying someone to manually type his handwritten entries into a spreadsheet. It worked, but it was adding additional cost to his business, which he wanted to avoid, but couldn't.

Read more
AI’s energy tax was already concerning. Research says AI agents are over hundred times worse
AI agents could consume 136 times more energy than today's AI, study finds
AI agents

The AI industry's soaring electricity demand has already become a growing concern for governments, utilities, and technology companies. But a new study suggests the next generation of artificial intelligence could make that problem significantly worse.

Researchers from the Korea Advanced Institute of Science and Technology (KAIST) have published what they describe as the first comprehensive analysis of the energy cost of AI agents - AI systems capable of reasoning, planning, and completing tasks autonomously. Their findings show that these systems can consume up to 136.5 times as much energy per query as conventional generative AI models, raising fresh questions about whether the infrastructure supporting tomorrow's AI is ready for what's coming.

Read more