How to Fix the macOS High Sierra Security Bug That Gives Full Admin Access to Mac Without Password

BY Gautam Prabhu

Published 29 Nov 2017

macOS High Sierra root access

As we had reported earlier, there is a major security flaw in macOS High Sierra that gives full admin access to the Mac without a password. 

“root” user is supposed to be disabled by default, but due to the bug “root” is enabled and currently allows access to anyone without a password.

Apple has acknowledged the bug and has said that it is working on a fix. However, until then, we would strongly recommend enabling root password with a password to prevent someone getting full admin access to your Mac.

Note, this bug affects macOS High Sierra, it does not affect macOS Sierra. So if you’re on macOS High Sierra then follow these steps to temporarily fix the macOS High Sierra security bug.

Step 1: Launch System Preferences

Step 2: Navigate to Users & Groups

Step 3: Click on the Lock icon to make changes. Enter the password when prompted and click Unlock.

Step 4: Click Login Options.Set Root Password - Login Options

Step 5: Click Join next to Network Account Server at the bottom.

Set Root password - Join

Step 6: Click Open Directory Utility.

Step 7: Click the lock icon to make changes. Enter the password when prompted, and click Modify Configurations.

Step 8: Click Edit from the Menu bar and click Enable Root User.

Set Root Password - Enable Root user

Step 9: Here set a root password so that the root user cannot be accessed using a blank password because of the bug.

As always, let us know how it goes in the comments below. Given the seriousness of the bug, we expect Apple to provide a bug fix soon.