Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Epic and revealing

Read: 20109 Comments: 2 Rating: 10

Wednesday, January 17, 2018

This message can come as a shock to macOS users:

According to this tweet, root access can be acquired by anyone who goes to System Preferences → Users & Groups, opens any user account page, clicks on the padlock (places the cursor on the password-input field before clicking the unlock button), enters “root” as the login and uses an empty password. Clicking Unlock repeatedly will "convince" macOS that root privileges must be granted.

Many users confirmed that the issue did exist in their systems.

What makes matters worse, the trick also works on the system login screen.


To resolve this issue, enable the root account (don't use an empty password). The easiest way to accomplish this is to run the following command in the terminal:

sudo passwd -u root

You also need to specify a strong password (the source). you can also use the GUI to enable the root account.

Generally speaking, everybody already knows it’s essential to change default passwords right after purchasing a device.

After all, hardcoded logins and passwords, which can be used as a backdoor, are ubiquitous in router firmware, but this incident is somewhat "special".

The issue in question was described in detail as a solution to a user's problem on Apple's developer support forum. On November 13, Chethan Kamath, who signed in on the forum under the alias chethan177, wrote: On startup, click on "Other".

Enter username: root and leave the password empty. Press enter. (Try twice.)


So it turns out that Apple was aware of this issue and did nothing to fix it.

#security_updates #backdoor #OS_X #vulnerability #password

The Anti-virus Times recommends

Flaws and vulnerabilities can be found in all hardware and software products; don't assume that a respected brand offers some sort of immunity from issues of this kind. Therefore, timely updates and an anti-virus (in this case, Dr.Web for macOS) are required.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.