Thursday, November 30, 2017

MacOS High Sierra login bug


If you've been following security news, you'd know that Mac OS High Sierra has a security bug. Most of the articles have done a fine job explaining all the fluff, so I'll get straight to the point.

If you have no password for the root account (as is the case for most users, since they haven't explicitly set up a root account and password on their system), then Mac will accept a blank password for logging into root.

A demo is better than a 1000 words, and I'll show you one real quick-


Step 1 : Go to a place requiring admin privilege authentication. For example, Users and Groups in System Preferences.

Step 2 : Click on the lock, and you'd be prompted to login.

Step 3 : Change username to root, leave the password field blank (After changing username to root, press tab to move to the password field, then tab again to go back to username field, and then click unlock, otherwise this won't work).

That's it. You can get creative regarding what all you can accomplish with this. I haven't tried it, but I've heard that this attack (bug :p) works remotely!


Seeing as how this bug puts your system at risk, I'm sure you are curious as to how to fix it. One way is to give your root account a password. 

However, on 29th Nov apple released a security update for this bug. We'll simply use that. Here's the update - (the section below uses info from the linked page)

Let's first check if the update is installed. 

For that, type this on your terminal and hit enter-
what /usr/libexec/opendirectoryd
If your output is something like this, then you have an old version of the update installed-

If it's one of these two, or a more recent version (higher numbers), then you're good

opendirectoryd-483.1.5 on macOS High Sierra 10.13
opendirectoryd-483.20.7 on macOS High Sierra 10.13.1

So, if you have and old version like me, let's head to the app store and install the update.
Sure enough, here's the update we need. It'll take a bit to get installed.

Once that's done, let's just run the same command again and verify that the version number increased to our liking. Now we're all good. 


Bug seems fixed. That's it for the post.


  1. Today you will show Sqlmap's work! Which is already in ink linux! You can use Nessus, Vega, Acunetix for Windows to know whether a site is eligible for SQL Injection! The software will get Google A search!

    For Kali Linux youo can use Vega, Power Fuzzar! Kali linux Tutorial

  2. This login bug is unaccetable. I was seriously scandalized by this when the news first appeared, and now that they are trying to fix it with updates, we need to think how messed up the development must be if things like that are present.
    Apple needs to be scrutinized.

  3. I sincerely didn’t like the idea, but this is my way of saying thank you to the Quora user that recommended a hacker (ETHICALHACKERS009@GMAIL.COM)

    I hired him for a very private and difficult matter of helping me hack a my spouse’s phone and social networks and some other personal stuffs and he far exceeded my expectations. which Jeremie, helped me get the info(whatsapp, facebook, text messages, call logs etc) faster and cheaper than I had imagined. The first time we spoke, we had a very long phone consultation in he gave me all my options that he could think of to resolve my case, and he even recommended I try other options before hiring him, which shows that he is honest. I decided to hire him and I am glad I did. he is a fantastic investigator and a great person. If you need a professional, reliable and efficient hacker, then you should contact this guy ; ETHICALHACKERS009@GMAIL.COM
    You can also call him or send him a text +16692252253


© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC