Critical security flaw lets anyone gain root access to a Mac running macOS High Sierra
A software developer appears to have found a major security flaw with the latest version of the MacOS High Sierra. Anyone can login to the default root account using the username "root" and no password, giving them access to a superuser with access to all areas of your system -- including read and write privileges on other user accounts.
The bug was discovered by Lemi Orhan Ergin, whose Twitter profile shows him as a Turkish software developer. BGR staff tested the bug on several devices running the most recent version of MacOS High Sierra, and were able to log in as the root user easily, with access to all other user accounts.
It's difficult to overstate how bad this security flaw is. Root access to a system is the holy grail of control over a device; leaving the root account enabled and with no password is like setting the nuclear launch code as "1234."
BGR Top Deals:
- Amazon’s single best-selling Black Friday deal is still available right now
- $14 device gives any 4K TV you got on Black Friday a huge visual upgrade
Trending Right Now:
- 8 paid iPhone apps on sale for free today
- Russians claim they’ve found the first extraterrestrial life, and it was right under our noses
- 5 best Cyber Week sales happening now: Amazon, Walmart, Best Buy, more
Critical security flaw lets anyone gain root access to a Mac running macOS High Sierra originally appeared on BGR.com on Tue, 28 Nov 2017 at 15:30:55 EDT. Please see our terms for use of feeds.