A bug in the latest versions of macOS High Sierra allows users to create a root account with no password by repeatedly pressing a button in the preferences panel.

The only way an attacker could exploit this bug is if the macOS owner left his Mac unlocked and then left his desk.



This is all an attacker needs because with a few clicks he can create a root account that he could use at a later time to access the vulnerable device. The root account can also be used to log into the vulnerable machine remotely.

How the bug works!
Step 1: Open the macOS system preferences window
Step 2: Go to Users & Groups
Step 3: Click the lock icon in the bottom-left corner of the window
Step 4: Type "root" in the username field
Step 5: Place the cursor in the password field
Step 6: Press the Unlock button repeatedly until the user is created
These steps will create a root account on the computer with no password. An attacker could use this account at a later time to legitimately log into a victim's Mac.

The bug affects macOS High Sierra 10.13.1 and 10.13.2 Beta. Users can prevent an attacker from exploiting a bug by creating a "root" account themselves and giving it a custom password. This blocks the bug from creating another root account.

Turkish software developer Lemi Orhan Ergin discovered and tweeted about the bug earlier today. Many other macOS users independently confirmed the issue. Apple is aware of the bug and working on a patch.