Gain Root without Password- macOS Sierra

A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords.

In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and gain access immediately.

To carry out the exploit,

-> Open System Preferences-> Users & Groups -> Enter “root” in the username field-> Select Password field and hit enter multiple times.

Root access
Root access

What’s more, there’s no patch yet for this!

Make-shift fix to protect:

-> Enable the root user with a password.

Follow the below steps:

System Preferences -> Users & Groups -> Enter your admin name and password there
Go to Login Options -> Join -> Open Directory Utility”
Make changes and type your username and password -> Edit-> Enable Root User-> Set password
Additionally, disable Guest accounts on your Mac
System Preferences → Users & Groups-> Guest User-> Disable Allow guests to log in to this computer

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.