How to fix the Apple password flaw


Apple recently announced an update to patch a security flaw in the password login on Macs. Here's how to ensure you are protected.

On Wednesday 29th November, Apple issued an emergency software update for the High Sierra version of its macOS that fixes a glaring vulnerability.

The flaw, discovered by software developer Lemi Orhan Ergin, let you gain access to any Mac running High Sierra by simply typing "root" in the username field, leaving the password blank and then clicking the login button a few times.


Is my Mac protected?

Late Tuesday, Apple confirmed it was working on a software update to fix the flaw and issued step-by-step instructions to help customers protect their machines by enabling the root user or changing the root password. Within 24 hours the company was advising users that Security Update 2017-001 would be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

How to install and confirm the Security update:

  1. Open the Mac App Store and the update will be available to download. 

  2. Once installed, go to your Applications folder and open the Terminal app in the Utilities folder. 

  3. Type what /usr/libexec/opendirectoryd and press Return. 

  4. If the system update 2017-001 was installed successfully, you will see one of these project version numbers:

               - opendirectoryd-483.1.5 on macOS High Sierra 10.13
               - opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
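
The version check in steps 3 and 4 can be scripted, for example to confirm the update on several Macs. This is an added example, not from Apple or the original article: the function names and the confirmed / not-confirmed / unknown labels are assumptions, and the only version strings it knows are the two listed above.

```shell
#!/bin/sh
# Added example: compare the opendirectoryd project version reported by
# `what` with the values the article lists for Security Update 2017-001.

# Expected project version for a macOS version (values from the article).
expected_project() {
    case "$1" in
        10.13)   echo "opendirectoryd-483.1.5" ;;
        10.13.1) echo "opendirectoryd-483.20.7" ;;
        *)       return 1 ;;   # macOS version not covered by the article
    esac
}

# Extract the first "opendirectoryd-<version>" token from `what` output.
extract_project() {
    printf '%s\n' "$1" | grep -Eo 'opendirectoryd-[0-9]+(\.[0-9]+)*' | head -n 1
}

# Print confirmed / not-confirmed / unknown for a macOS version and the
# text printed by `what /usr/libexec/opendirectoryd`.
check_update() {
    os_version=$1
    what_output=$2
    want=$(expected_project "$os_version") || { echo unknown; return 0; }
    have=$(extract_project "$what_output")
    if [ -z "$have" ]; then
        echo unknown            # no project version found in the output
    elif [ "$have" = "$want" ]; then
        echo confirmed          # matches the version listed for this release
    else
        echo not-confirmed      # some other build; update not verified
    fi
}

# On a Mac, run the real check. Elsewhere, call check_update on saved output.
if [ "$(uname -s)" = "Darwin" ]; then
    check_update "$(sw_vers -productVersion)" "$(what /usr/libexec/opendirectoryd)"
fi
```

A result of unknown means the macOS version is not one of the two the article covers, or no project version could be read from the output.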

Unfortunately, this fix has created an additional bug within the file sharing system of macOS, preventing some users from authenticating with or connecting to file shares which are used in business and on home networks.

If you experience issues with file shares, follow these steps:

  1. Open the Terminal app, which is in the Utilities folder of your Applications folder.

  2. Type sudo /usr/libexec/configureLocalKDC and press Return. 

  3. Enter your administrator password and press Return.

  4. Quit the Terminal app.

How do I keep my password secure?

The first step to protecting your private information is ensuring your devices have a strong password and that you keep it hidden from prying eyes. Follow these simple steps to keep it safe:

  1. Always log off when you are done using your device and make sure you use different passwords for each of them.

  2. Change your passwords often. Experts recommend changing them every three months and not using the same password for a year.

  3. Create a strong password using letters and numbers and avoid using common words, place names or phrases.

  4. Use a comprehensive Internet security suite to help keep all your devices safe from malware and viruses that can steal your password.

  5. Do not enter passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop). Hackers can intercept your passwords and data over this unsecured connection. If you are compelled to do so, make sure your information is encrypted. Norton Secure VPN lets you surf the web anonymously while helping to protect your privacy.

  6. Use two-factor authentication where it is available. This adds an extra layer of authentication in addition to your password to access your accounts.

  • Norton
Norton empowers people and families around the world to feel safer in their digital lives
