A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.

Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:

  1. Open Spotlight and search for Directory Utility. directory utility spotlight
  2. Double click on the app result to open.
  3. Click on the lock at the bottom of the window to make changes and enter your username and password for an administrator account on your computer. directory utility
  4. In the menu bar at the top of the screen, choose "Edit." macoshighsierrarootbugeditmenu
  5. Select "Enable Root User."

From there, you can enter a password for the root user account, which prevents it from being accessed with a blank password, which is what the current bug allows to happen.

macoshighsierrarootbugpassword
Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.

To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."

Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.

Related Forum: macOS High Sierra

Top Rated Comments

poppy10 Avatar
poppy10
101 months ago
This is such a fundamental and major security flaw, it's mind-blowing how it managed to get through Apple's QA

A critical vulnerability that allows root access to all macs with a single click. We'd be laughing at Microsoft if this had occurred with Windows
Score: 27 Votes (Like | Disagree)
rpmurray Avatar
rpmurray
101 months ago
Now the new backdoor that Apple added for the government has been blown.
Score: 12 Votes (Like | Disagree)
Sefstah Avatar
Sefstah
101 months ago
Or, you know, don't leave your laptop sitting around unlocked. As more or less 100% of your critical info is under your user account anyway, probably even in the easy to find Documents folder, it's almost useless to spend time (as a theif) monkeying with root accounts. Just yoink what you need directly. Creating a root password (as a theif) presumes future access to the Mac, in which case it's been lifted already, and there are ways to get at your info, anyway, if it's unencrypted, as most Macs are.

Pretty dumb flaw, yes, but you deserve what you get if you leave your unattended, unlocked laptop lying around where people can physically get at it in the first place.
Laptop? How about all the schools and Universities that use iMacs with admin accounts? This is a HUGE flaw and shouldn’t be downplayed.
Score: 9 Votes (Like | Disagree)
KvR Avatar
KvR
101 months ago
Much easier (if your comfortable with the terminal) fix:

sudo passwd root

Just set a password on your root account.
Score: 8 Votes (Like | Disagree)
miniyou64 Avatar
miniyou64
101 months ago
Unbelievable. This is not Steve’s Apple.
Score: 5 Votes (Like | Disagree)
Doctor Q Avatar
Doctor Q
101 months ago
A faster way to launch Directory Utility is to type "directory utility" in Spotlight, then press return. (This assumes that you have "Applications" enabled in Spotlight's preferences.)

Make sure you choose a secure root password. Leaving root enabled with an easily guessed password defeats the purpose.
Score: 5 Votes (Like | Disagree)
Read All Comments

Popular Stories

Home Hub Command Center with Dome Base Feature

Apple Working on All-New Operating System

Saturday August 16, 2025 6:45 am PDT by
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman. Apple smart home hub concept This is likely Apple's long-rumored "homeOS" operating system. In a report this week, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform will blend...
Read Full Article126 comments
iOS 26 Feature

Here's Everything New in iOS 26 Beta 7

Monday August 18, 2025 11:59 am PDT by
The seventh developer beta of iOS 26 is now available. While we are now in the later stages of the iOS 26 beta cycle, there are still some changes. Below, we outline everything new that we have found in iOS 26 beta 7 so far. Redesigned Blood Oxygen Feature The seventh developer betas of iOS 26 and watchOS 26 include a redesigned Blood Oxygen feature on Apple Watch Series 9, Apple Watch ...
Read Full Article56 comments
airpods pro 2 green

Apple Releases New Beta Firmware for AirPods Pro 2 and AirPods 4

Tuesday August 19, 2025 11:25 am PDT by
Apple today provided developers with updated beta firmware for the AirPods Pro 2 and AirPods 4, allowing them to test the new AirPods features in iOS 26, iPadOS 26, and macOS Tahoe. The firmware is only available to developers at the current time, and a device running iOS 26, iPadOS 26, or macOS 26 is required to install the update. The firmware has a build number of 8A5343a, up from 8A5324b. ...
Read Full Article23 comments
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3 Just Weeks Away: Eight Reasons to Upgrade

Wednesday August 20, 2025 6:44 am PDT by
We're only weeks away from Apple's annual iPhone event – rumored to take place on September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023. By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for enhancements,...
Read Full Article65 comments
Generic iOS 18

iOS 18.6.2 Update Coming Soon for iPhones

Tuesday August 19, 2025 9:29 am PDT by
Apple's software engineers are testing iOS 18.6.2, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions. Yesterday, an anonymous source with a proven track record said iOS 18.6.2 was incoming, but the update was not present in our logs at that time. Last year, the same anonymous source claimed that iOS 17.5.2 was in the pipeline, but Apple ...
Read Full Article24 comments
apple wallet drivers license feature iPhone 15 pro

iPhone Driver's Licenses in Apple Wallet Now Available in 10 U.S. States

Wednesday August 20, 2025 12:00 pm PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. This week, Apple announced the 10th U.S. state that has implemented the feature: Montana. Below, we have recapped key details about...
Read Full Article57 comments
iPhone 16

No iPhone 18 in 2026, Another Report Claims

Monday August 18, 2025 7:34 am PDT by
Apple is expected to delay the launch of its base iPhone 18 model until spring 2027, marking a major shift in the company's long-established release cycle, according to South Korea's ETNews. The report claims that Apple has informed some of its suppliers that the iPhone 18 will not be part of the September 2026 iPhone lineup. Instead, the company will unveil only higher-end models in the...
Read Full Article137 comments
TechWoven

Apple Rumored to Launch 'TechWoven' Cases for iPhone 17 With 'Crossbody Strap' Option

Wednesday August 20, 2025 8:21 am PDT by
Apple is planning to launch a new "TechWoven" line of cases for the iPhone 17 series, according to a leaker known as "Majin Bu." Two years ago, Apple stopped selling leather iPhone cases, as part of the company's efforts to reduce its carbon emissions. As an alternative, Apple introduced a new "FineWoven" line of fabric iPhone cases made from 68% post-consumer recycled content, but they were ...
Read Full Article140 comments