Skip to Main Content
CWRU Links


Vulnerability Identified in Mac OSX High Sierra, Version 10.13 and Higher

A security flaw has been detected in Mac operating systems, High Sierra 10.13 or greater. This vulnerability allows anyone to login to a Mac device and change administrative settings by typing in the username “root” with no password. Users should apply the newly published Apple Security Update described at as soon as possible.

Systems at Risk

  • Currently, this vulnerability is only detected in users with a Mac operating system that has been upgraded to High Sierra 10.13 or greater.
  • Systems with local console access, such as shared computers in teaching or lab environments, where users are not privileged with root access.
  • Systems with Apple Remote Desktop (ARD) enabled.

Systems Not at Risk

  • Mac operating systems that are prior to 10.13.

Recommended Actions

  1. High Sierra 10.13 or greater users: Visit the Apple App Store and install the 2017-001 update as soon as possible.
  2. A temporary fix is to create a root account, then set a password and leave it enabled. Instructions can be found at

For More Information

< Previous | Next >