Skip to main content
  1. Home
  2. Computing
  3. News

Anyone can log into your Mac without your password — here’s how to fix it

By

how to download MacOS High Sierra
Image used with permission by copyright holder
Anyone using MacOS High Sierra should be on high alert. A Twitter user revealed a massive security vulnerability which allows anyone to log into your system as an administrator without valid login credentials. All a malicious user has to do is attempt to log in as “root” from the login screen, leave the password field blank, and press enter over and over until the system allows access.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

The scary news is that it’s true, or it was before Apple released a security patch. So all you need to do is open your Mac App Store and check for updates. You should see a security update available, go ahead and download that and you’re all set.  Before it was fixed, the vulnerability meant anyone could approach your iMac, MacBook, or Mac Pro and access your computer without anything more than a couple keystrokes and zero technical know-how.

Recommended Videos

Additionally, it’s never a bad idea to change your system’s root password; leaving it blank was the key to the vulnerability before it was fixed. Here’s a quick tutorial on how to do just that.

Related

Assuming you’re running MacOS High Sierra, we’ll teach you below how to fix the problem.

First, we’re going to open up System Preferences, open Users & Groups, select Login Options, then click the lock on the bottom left side of the window and enter your password. Next, hit Join right beside Network Account Server. This will open up a small dialog box, there you will want to click Open Directory Utility. Now we’re going to click that little lock again, and enter your password.

MacOS High Sierra Vulnerability Fix
Image used with permission by copyright holder

From here, mouse up to your Finder bar, and click Edit. From this drop-down menu click Change Root Password. This is the most important part: Pick a strong, unique password that you won’t forget.

MacOS High Sierra Vulnerability Fix
Image used with permission by copyright holder

That’s it, just an extra layer of security for your Mac, now that Apple has addressed the vulnerability with a security update.

The whole issue came to light after an industrious Twitter user pinged Apple Support’s official Twitter account for help regarding the vulnerability and from there it caught fire and spread. Twitter users from all over the world were confirming that they could replicate the vulnerability, and access their own computers without using anything more than a four-letter word.

Even though it’s fixed, this wasn’t just a minor vulnerability, like a loophole in some bit of code somewhere that only a security expert could exploit. This was a dead-simple way to break into someone else’s computer, so make sure you download and apply that patch from the Mac App Store.

Update: Apple has issued a security patch to address the issue. 

Editors’ Recommendations

Topics
Jayce Wagner
Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
You can finally try out Apple Intelligence on your Mac. Here’s how
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

The second developer beta of macOS Sequoia is open for business and it includes Apple Intelligence features. It looks like anyone can try it out as long as you're not in China. That includes people in the EU -- even though the AI features might not launch there right away. The features available for testing include Writing Tools, Siri, Safari and Mail summaries, Smart Replies, Memory Movies, transcription features, Reduce Interruptions Focus Mode, and a few more. If you want to have a look yourself, here's everything you need to do to download the beta and activate Apple Intelligence.

Before you start, make sure you've backed up your Mac with Time Machine so you can restore the previous version if anything goes wrong. You can also use a secondary device if you have another Apple silicon Mac lying around because beta versions can go wrong and you have to download them at your own risk.

Read more
The best Mac apps for 2024: top software for your Mac
The app store open on a MacBook Pro.

One of the best parts about owning a Mac is the massive ecosystem of superb Mac apps it gives you access to. There are apps available to Mac users no matter what you are looking for, whether that's productivity, photo and video editors, security suites, and more. You can get them from Apple's own App Store or from third-party developer websites, and many of the best Mac apps are even free.

Whether you just bought your first Mac or you're a longtime Apple customer, here's a look at some of the best Mac apps you can get.
Best Mac apps to change your interface

Read more
I’m a Mac power user, and these are the apps I can’t live without
A person using a MacBook Air connected to two monitors.

The best Macs have a reputation for being easy to use, and as someone who switches between Windows and macOS every day, I can confirm that that reputation is well-earned. But macOS isn’t just a straightforward, easy-peasy system with about as much depth as a puddle -- it’s also a brilliant platform for power users.

A lot of that comes down to the thriving ecosystem of apps that are available on macOS. Load up your Apple computer with a few choice selections and you’ll be able to get so much more out of it than you ever thought possible, from automating tedious processes to making clever use of AI and everything in between.

Read more