Gain root access in macOS High Sierra #iamroot

November 29, 2017 Bugs (Software and Hardware), Cracking, Hacking, How to, Password, Security 1 Comment

It’s a rather embarrassing a bug that was discovered by developer Lemi Ergin that allows anyone to gain root access in macOS High Sierra with a blank password. Yes, all you need to do is just press enter enough times and you’re root. In fact everyone now using #iamroot just to poke fun at @Apple for this mess. This bug works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac. This bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It’s not clear how such a significant bug got past Apple, but it’s likely this is something that the company will immediately address. Until the issue is fixed, you can enable a root account with a password to prevent the bug from working.

How to do #iamroot

Follow below steps from any kind of Mac account, admin or guest:

Open System Preferences
Choose Users & Groups
Click the lock to make changes
Type “root” in the username field
Move the mouse to the Password field and click there, but leave it blank
Click unlock, and it should allow you full access to add a new administrator account.

At the login screen, you can also use the root trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click “Other,” and then enter “root” again with no password. This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.

In case you think this is funny, well experts are also poking fun at Apple and there’s major tweetstorm going on.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

So, if you were able to do it, leave a comment with nothing but “it worked #iamroot”. Enjoy

blackMORE Ops Learn one trick a day ….

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

Failed to open directory on Kali Linux Virtualbox

Can’t connect to WiFi in Linux

Setting up Damn Vulnerable Web Application (DVWA) – Pentesting Lab

Free Android Penetration Testing Toolkit & Risk Assessment

Penetration Testing Tools for Beginners

Detect SQL Injection (SQLi) and XSS

Machine Learning Network Share Password Hunting Toolkit

Complete WSL AI Development Environment Guide: CUDA, Ollama, Docker & Stable Diffusion Setup

Whispers: A Powerful Static Code Analysis Tool for Credential Detection

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

Migrate Plex Server – Ubuntu

Boot Ubuntu Server 22.04 LTS from USB SSD on Raspberry Pi 4

How to fix You can’t access this shared folder because your organization’s security policies block unauthenticated guest access error on Windows 11

How to unhide menu bar in Virtualbox

Gain root access in macOS High Sierra #iamroot

How to do #iamroot

One comment

Leave your solution or comment to help others.Cancel reply

Gain root access in macOS High Sierra #iamroot

How to do #iamroot

One comment

Leave your solution or comment to help others.Cancel reply

Discover more from blackMORE Ops