Vulnerability 10.13 - Root

Valued Contributor II

Since this is out there, and the original finder did not go through responsible disclosure. Figured i'd post it here so at least admins are aware.

Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

This works on User & Admin accounts.

That being said, if you enable root and have a password on it. You're not affected. If you don't it'll enable root and create an account.

Enabling a root password however may cause you more tech debt down the line.


Valued Contributor
Valued Contributor


i used below article to deploy that one specific update.

Contributor III

I just rebooted my Mac and the BuildVersion is now 17B1003. It looks like they re-released the patch.

Security Update 2017-001

Looks like the original patch broke other things:

Valued Contributor

The re-release also applies to 10.13 (vs. 10.13.1).