Apple Has Released A Fix For The macOS High Sierra Password Flaw


Mac users running the latest version of Apple’s operating system, High Sierra, are susceptible to a pretty huge flaw that could grant anyone with physical access to your Mac unfettered access to everything on your machine. The hack seems to affect only macOS High Sierra versions 10.13 and 10.13.1. Luckily, Apple has now issued a fix.


The password hack takes advantage of a flaw in the way macOS handles user accounts. Changing the name of a user’s login to “root” and using a blank password can grant ne’er-do-wells access to everything in your computer, let them install malicious software, or lock you out of your account completely.

You can check if your computer is affected by the flaw by trying to hack yourself. First, visit your System Preferences, then the Users & Groups page. There, you can modify user accounts, add administrator or guest accounts, add parental controls, and select which apps start up along with your Mac. Hit the lock located at the bottom left corner of the window to make changes to these preferences.

Here’s where the flaw comes into play. When you’re asked to enter your password, delete the username and replace it with “root”, leaving the password blank. Then, hit “Unlock”. You may have to click it a few times, but eventually you’ll be granted access.

Apple released a security fix addressing the root account access flaw this morning. Security Update 2017-001 alters the way Apple validates items like usernames and passwords, and prevents malicious parties from changing your password without the proper login credentials. You can find the update in the App Store on your Mac. We suggest you install it posthaste.
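
A read-only way to check a Mac from Terminal without going through the unlock dialog, added here as an example (it is not Apple's or the article's code). It assumes that `dscl` reports "No such key" for `AuthenticationAuthority` while the root account is disabled and a `ShadowHash` entry once root has been enabled; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): read-only check for the root flaw.
# Affected versions come from the article. Reading a missing
# AuthenticationAuthority key as "root disabled" is an assumption.

# Constructed samples of `dscl . -read /Users/root AuthenticationAuthority`.
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# Exit 0 if the version string is one the article lists as affected.
is_affected_version() {
    case "$1" in
        10.13|10.13.0|10.13.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify the root account from dscl output: disabled, enabled or unknown.
root_state() {
    case "$1" in
        *"No such key"*) echo disabled ;;
        *ShadowHash*)    echo enabled ;;
        *)               echo unknown ;;
    esac
}

# assess VERSION DSCL_OUTPUT -> one-word verdict
assess() {
    if ! is_affected_version "$1"; then
        echo outside-range; return 0
    fi
    case "$(root_state "$2")" in
        disabled) echo confirm-update ;;  # root not enabled; still verify the fix
        enabled)  echo root-enabled ;;    # root is live: set a password or disable it
        *)        echo inspect ;;
    esac
}

if command -v sw_vers >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    ver=$(sw_vers -productVersion)
    out=$(dscl . -read /Users/root AuthenticationAuthority 2>&1 || true)
    echo "macOS $ver: $(assess "$ver" "$out")"
else
    echo "sample (not a Mac): $(assess 10.13.1 "$SAMPLE_ENABLED")"
fi
```

The version string alone does not show whether Security Update 2017-001 is installed, so both `confirm-update` and `root-enabled` still call for checking the App Store for the update.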

