man on computer at desk

Security flaw found in Mac operating systems High Sierra 10.13 or greater

A security flaw has been detected in Mac operating systems High Sierra 10.13 or greater. This vulnerability allows anyone to log into a Mac device and change administrative settings by typing in the username “root” with no password. Users should apply the newly published Apple Security Update described at as soon as possible.

Systems at risk:

  • Users with Mac operating system updated High Sierra 10.13 or greater;
  • Systems with local console access, such as shared computers in teaching or lab environments, where users are not privileged with root access; and
  • Systems with Apple Remote Desktop (ARD) enabled.

Systems not at risk:

  • Mac operating systems that are prior to 10.13

Recommended actions

Users with High Sierra 10.13 or greater should visit the Apple App Store and install the 2017-001 update as soon as possible.

A temporary fix is to create a root account, then set a password and leave it enabled; instructions can be found online.

More information can be found at the following websites: