Table of Contents
If you’re using macOS High Sierra, your Mac may be vulnerable to a root entry flaw that allows hackers to access your computer without a password. This article provides a step-by-step guide on how to fix the problem and secure your Mac.
The Root Entry Flaw
On November 28, 2017, a bug was discovered in macOS High Sierra that allows anyone to access a Mac as root without the need for a password. This means anyone can access your settings and gain all administrator rights. Hackers can change your user password, download applications, and access your keychain files, among other things. However, they would need access to your Mac to log in as root.
Apple quickly issued a statement that they were working on a software update to fix the issue. The update is now available and we recommend installing it immediately. If you recently updated from macOS High Sierra 10.13 to 10.13.1, you will need to restart your Mac for the security update to be properly applied.
Apple’s Solution
Apple released Security Update 2017-001 for macOS High Sierra 10.13 and 10.13.1 to address this vulnerability. This security update resolved the root bug that allowed attackers to bypass administrator authentication without entering the administrator password. It’s important to check that your Mac has security update 2017-001 installed.
How to Check Your Mac for Security Update 2017-001
- Open the Terminal app in the Utilities folder of your Applications folder.
- Type /usr/libexec/opendirectoryd and hit Return.
- If Security Update 2017-001 is installed, you will see one of these project version numbers:
- opendirectoryd-483.1.5 on macOS High Sierra 10.13
- opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
If Security Update 2017-001 is not installed on your Mac, we recommend installing it immediately.
Error Reappears if You Update to macOS 10.13.1
It’s worth noting that if you upgrade your machine to macOS 10.13.1, this security fix may not work. Once the update process is complete, your Mac may again be vulnerable to the root entry bug. However, the fix will be rolled back the next time you restart your Mac, so we recommend rebooting your Mac after installing the update.
How to Fix the Root Security Problem Yourself
If you can’t or don’t want to install the Apple update, you can manually fix the problem with these steps:
- Open Finder.
- Click Go > Go to Folder.
- Type /System/Library/CoreServices/Applications/ in the text field.
- Click Go.
- Open the Directory Utility app.
- Click the lock icon to make changes.
- Enter your name and password in the pop-up window.
- Click Change Configuration.
- Click Edit.
- Select Change Root Password.
- Enter a new password and confirm it.
- Click OK.
- Click the lock again to prevent further changes.
- Quit the Directory Utility app.
If someone tries to log in as root now, they will need to enter a password.
Protecting your Mac is essential, and we have provided other tips to safeguard your computer from hackers and malware. Check them out!
FAQs
How can I tell if my Mac has the root bug?
If you are using macOS High Sierra, your Mac may be vulnerable to the root bug. You can check whether your Mac has the root bug by following the instructions in this article.
Do I need to restart my Mac after installing the security update?
If you recently updated from macOS High Sierra 10.13 to 10.13.1 and installed the Security Update 2017-001, you need to restart your Mac to properly apply the security update.