A bug in macos high sierra allows full administrator access without a password

Despite the fact that macOS is the safest operating system in the world, being the least affected by cyber threats, the truth is that it is not a 100 percent secure OS, as evidenced by the appearance of a new security flaw by which enables a user in macOS Hish Sierra with administrator access to the entire computer since it has a blank password and lacks a security check.

The root fault

The security flaw in question would have been discovered by developer Lemi Ergin. This bug allows anyone to be able to log into an administrator account using the username "root" ("root") without a password. This error works when trying to access an administrator's account on an unlocked Mac, and it also provides access to the login screen of a locked Mac.

To verify that your computer is affected by this security flaw, you simply have to follow these steps having logged in from any user account on your Mac, be it administrator or guest:

1. Open System Preferences

2. Go to the Users and Groups section

3. Click on the padlock to make changes

4. Type "root" in the username field

5. Move your mouse to the Password field and click there, but leave it blank

6. Click Unlock, and you should have full access that allows you to add a new administrator account.

Also on the login screen you can use this insecure trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click "Other" and then enter "root" again without a password.

This bug appears to be present in the current version of macOS High Sierra, 10.13.1, and in the beta version of macOS 10.13.2 that is currently undergoing testing. To solve the problem, you must enable a root user with a password, in this way it will no longer be possible to use this bug while Apple fixes it in a next update, something that it has already confirmed to be doing.