MacOS HighSierra “root” vulnerability

On November 28th , Lemi Orhan, an Agile Software Craftsman, tweeted about a bug on MacOS HighSierra which allows anyone have a root access to the computer with the username “root” with a blank password which was later confirmed by Apple.

Tweet Screenshot

Testing this bug on your Computer

If you are testing it on your machine it will have a negative impact, which means it creates a persistent root user account on your Computer. It will have effect on some remotely accessibly services like Remote Desktop. Once this has been enabled on your system, it posses some security impact on your Computer.

Some users on Twitter even claimed the vulnerability can be exploited remotely if VNC or Apple Remote Desktop is enabled.

One of the way to protect yourself against this bug is not to try it on your computer. But if you have already done so, Just the change the root password and also disable remote services through System Preferences > Sharing and disable any of the remote services you’re already using.

You can follow this instructions provided by Apple Support to protect yourself.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.