Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password [Updated] - MacRumors
Skip to Content

Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password [Updated]

by

A newly discovered bug in macOS High Sierra enables the root superuser on a Mac with a blank password and no security check, essentially giving anyone full access to your Mac.

Apple is likely already working on a fix, but in the meantime, there's a temporary workaround -- enabling the root user with a password. Here's how:

  1. Open Spotlight and search for Directory Utility. directory utility spotlight
  2. Double click on the app result to open.
  3. Click on the lock at the bottom of the window to make changes and enter your username and password for an administrator account on your computer. directory utility
  4. In the menu bar at the top of the screen, choose "Edit." macoshighsierrarootbugeditmenu
  5. Select "Enable Root User."

From there, you can enter a password for the root user account, which prevents it from being accessed with a blank password, which is what the current bug allows to happen.

macoshighsierrarootbugpassword
Disabling the root user account again follows the same steps, but at the "Edit" portion of the process, you'll select "Disable Root User" to remove the option. Until the bug is fixed, though, you'll want to leave the root user account intact to prevent it from being accessed without a password.

To further protect your Mac, you can also disable guest accounts, though this is not a necessary step with a root password enabled. Guest accounts can be disabled by going to System Preferences > Users & Groups and choosing "Guest User" after entering your admin password. Disable "Allow guests to log in to this computer."

Update: Apple has released a security update to fix this issue, and all macOS High Sierra users should apply the update as soon as possible to ensure they are protected.

Related Forum: macOS High Sierra

Top Rated Comments

P
poppy10
111 months ago
This is such a fundamental and major security flaw, it's mind-blowing how it managed to get through Apple's QA

A critical vulnerability that allows root access to all macs with a single click. We'd be laughing at Microsoft if this had occurred with Windows
Score: 27 Votes (Like | Disagree)
rpmurray Avatar
rpmurray
111 months ago
Now the new backdoor that Apple added for the government has been blown.
Score: 12 Votes (Like | Disagree)
S
Sefstah
111 months ago
Or, you know, don't leave your laptop sitting around unlocked. As more or less 100% of your critical info is under your user account anyway, probably even in the easy to find Documents folder, it's almost useless to spend time (as a theif) monkeying with root accounts. Just yoink what you need directly. Creating a root password (as a theif) presumes future access to the Mac, in which case it's been lifted already, and there are ways to get at your info, anyway, if it's unencrypted, as most Macs are.

Pretty dumb flaw, yes, but you deserve what you get if you leave your unattended, unlocked laptop lying around where people can physically get at it in the first place.
Laptop? How about all the schools and Universities that use iMacs with admin accounts? This is a HUGE flaw and shouldn’t be downplayed.
Score: 9 Votes (Like | Disagree)
KvR Avatar
KvR
111 months ago
Much easier (if your comfortable with the terminal) fix:

sudo passwd root

Just set a password on your root account.
Score: 8 Votes (Like | Disagree)
simonmet Avatar
simonmet
111 months ago
This is an extraordinary level of incompetence. Normally I’d say security bypasses like this are by design but this is such an easy and obvious bypass that it was bound to be discovered fairly quickly.

What does this say about the state of software development at Apple? I get that mistakes and bugs happen but something this severe and easy to replicate can’t have occurred without multiple people not doing their jobs properly.

Does Apple have QA anymore?
Score: 5 Votes (Like | Disagree)
miniyou64 Avatar
miniyou64
111 months ago
Unbelievable. This is not Steve’s Apple.
Score: 5 Votes (Like | Disagree)
Read All Comments

Popular Stories

Aston Martin CarPlay Ultra Screen

Apple Says CarPlay Ultra is Coming to These Vehicle Brands

Thursday May 21, 2026 11:53 am PDT by
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly a year later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon. In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis. CarPlay Ultra...
Read Full Article
MacBook Pro Low Angle Wide Lens 2

MacBook Pro OLED Display Production Clears Key Hurdle

Thursday May 21, 2026 1:41 am PDT by
Apple's first OLED MacBook Pro models have cleared a major manufacturing hurdle, with panel supplier Samsung Display having reportedly achieved yields above 90 percent on its Gen 8.6 OLED production line. According to Korean publication The Elec, some individual process stages are now reaching yields as high as 95 percent, a level that the display industry considers "golden yield" territory ...
Read Full Article59 comments
airpods pro 3 pink

New Apple Card Holders Can Get Free AirPods Pro 3, But There's a Catch

Monday May 18, 2026 8:11 am PDT by
Apple today launched a new promotion offering new Apple Card holders the chance to earn back the cost of AirPods Pro 3 through monthly cash rebates, but there is a recurring spend requirement attached. Customers who open a new Apple Card account and purchase AirPods Pro 3 directly from Apple by June 15 will qualify. Starting July 1 and running through April 30, 2027, cardholders can earn $25 ...
Read Full Article87 comments