Apple working to fix “root” password issue

Apple said it is working to fix an issue that allows someone to login as a root user when they have access to your machine.

“We are working on a software update to address this issue,” an Apple spokesperson said in a statement provided to The Loop. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

The issue was first reported this afternoon and was reproduced by Dave Mark at The Loop.

  • Dave Wood

    Please let this issue be called “#noGate”

  • John Kordyback

    Who’s Dave Mark? If that’s even his real name. And I bet he doesn’t even own a Mac.

  • I didn’t find the workaround… worked.

    So I’ll be leaving my computer off overnight and hoping there’s better info tomorrow.

  • fastasleep

    What’s not getting enough attention is that this exploit also works remotely if you have Screen Sharing, Remote Management, maybe other sharing (File Sharing?) turned on. Anyone can find your machine via Bonjour and perform this exploit via the Screen Sharing login window for example (I just did exactly that with a random iMac in my office over WIFI). That means if you have any of these services turned on and are sitting in public somewhere on WIFI, you’re a sitting duck — far moreso than someone walking past your unlocked Mac and getting you that way.

  • Luca

    I didn’t find the workaround… worked.So I’ll be leaving my computer off overnight and hoping there’s better info tomorrow.

  • rb763

    This is physical access right? Someone actually has to be at my keyboard to do this?