Serious OSX Vulnerability – Get Root Without A Password

Apple’s latest version of their OSX (or macOS) operating system – High Sierra – has been found to have a serious vulnerability that allows anyone with access to the device to have full administrative access (“root”) without a password.

On any vulnerable device, you can login as theĀ root user without a password from the lock screen (or login screen). A software update to fix the problem is being prepared, but it would be very sensible to apply a fix in the short-term.

To fix the problem, simply set a password for theĀ root user; start a Terminal and from the command-line, run the following command :-

sudo passwd root
Password: {Enter your own password here}
Changing password for root.
New password: {Enter root's new password}
Retype new password: {Enter it again}

You should probably store the new password for the root user in an appropriate password store (Keepass, or KeepassX), although you will probably never use it.

Links for further information :-

The vulnerability is an interesting one in a sense – in theory there is no need for the root user to have a password as it is not intended for direct use, but if the account accidentally becomes enabled then it becomes a dangerous (and easily exploitable) security hole. To be safe, Apple should not only have disabled the root user, but also generated a random password for that account.

The vulnerability can be exploited locally (with access to the keyboard) and in some instances remotely.

This entry was posted in Active Attacks, Passwords and tagged , , , , . Bookmark the permalink.