Error on macOS allows creating root account without password

Recently, a bug in the latest versions of macOS High Sierra allows users to create root accounts without passwords by pressing repeatedly on the Unlock button in the options panel.

The only way for an attacker to exploit this vulnerability is when the macOS owner leaves his computer without locking the screen.

With just a few clicks, an attacker can create a root account to access the vulnerable device later. This root account can also be used to log in to vulnerable computers remotely.

1. Microsoft and GitHub cooperated to bring Git virtual file system to macOS and Linux
2. Change Google DNS on Mac

How it works on macOS

Step 1: Open the window depending on macOS system.

Step 2: Access Users & Groups .

Step 3: Click the lock icon in the bottom left corner of the window.

Step 4: Type "root" into the username field.

Step 5: Place your mouse cursor in the password field.

Step 6: Press Unlock several times until the user is created.

Error on macOS allows creating root account without password Picture 1

The above steps will help create a root account on a computer without a password. An attacker can use this account to log in to the victim's Mac.

It is known that this error will affect macOS High Sierra operating systems 10.13.1 and 10.13.2 Beta. Users can prevent an attacker from exploiting this vulnerability by creating a root account and creating a custom password. This operation may prevent an error from creating another root account.

Turkish software developer - Lemi Orhan Ergin discovered and posted this error on macOS early yesterday. Many other macOS users have also confirmed this problem soon. Currently, Apple is trying to fix bugs and release patches.