Security issues with your products are never a good thing and when you have a user publically Tweet about one, it makes you move. Such was the case with Apple and macOS High Sierra. Twitter user Lemi Orhan Ergin, a software engineer out of Turkey tweeted that there was a “*HUGE*” security issue with High Sierra.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use “root” with no password. And try it for several times. Result is unbelievable!
If you follow the Twitter post thread, you’ll read that some users tried it and were unsuccessful while others tried and were successful. It’s likely that you’d have to be running a certain version of High Sierra to get the same results. That said, this isn’t good for macOS users and it looks bad for Apple. Apple is generally good about patching issues like this quickly but for now, machines will remain vulnerable until they can push any updates.
As of now, it’s unclear how something like this could have slipped past Apple and Apple tends to keep errors like this under wraps and doesn’t disclose much about them. It will be interesting to see how many people are affected by this. Hopefully, the fix will be pushed quickly, which is usually the case.
For now, you can test your Mac by going to System Preferences, choosing Users & Groups then click the lock to make changes. Use root without a password and just continually try until given root access. If you’re denied, then you’re safe.
What do you think of this security issue with High Sierra? Let us know in the comments below or on Twitter or Facebook.