Security flaw found in Mac operating systems High Sierra 10.13 or greater

A security flaw has been detected in Mac operating systems High Sierra 10.13 or greater. This vulnerability allows anyone to log into a Mac device and change administrative settings by typing in the username “root” with no password. Users should apply the newly published Apple Security Update described at support.apple.com/en-us/HT208315 as soon as possible.

Systems at risk:

  • Users with Mac operating system updated High Sierra 10.13 or greater;
  • Systems with local console access, such as shared computers in teaching or lab environments, where users are not privileged with root access; and
  • Systems with Apple Remote Desktop (ARD) enabled.

Systems not at risk:

  • Mac operating systems that are prior to 10.13

Recommended actions

Users with High Sierra 10.13 or greater should visit the Apple App Store and install the 2017-001 update as soon as possible.

A temporary fix is to create a root account, then set a password and leave it enabled; instructions can be found online.

More information can be found at the following websites: