Eric Cardenas Posted November 29, 2017

A new flaw was discovered in High Sierra a few hours ago. It's a devastating bug enabling access to catastrophic vulnerabilities. Basically anyone can log in as root with a blank password.

Here's Apple's statement:

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Here's a quick rundown of how to create a password:

Change the root password via System Preferences

1. Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
2. Click the lock icon, then enter an administrator name and password.
3. Click Login Options.
4. Click Join (or Edit).
5. Click Open Directory Utility.
6. Click the lock icon in the Directory Utility window, then enter an administrator name and password.
7. From the menu bar in Directory Utility, choose Edit > Change Root Password…
8. Enter a root password when prompted.

Or, if you prefer using the Terminal

Open the Terminal and type:

    sudo passwd -u root

Enter and confirm a new root user password.

enossified Posted November 29, 2017

How could they have missed that? That's probably the worst security hole I can possibly think of.

Eric Cardenas (Author) Posted November 29, 2017

That's the million dollar question.

drumrunner Posted November 29, 2017

It's Apple, a million isn't enough. WT actual F?!!!

Eric Cardenas (Author) Posted November 29, 2017

There's now an update waiting to be installed via the App Store.

https://support.apple.com/en-us/HT208315

Arnaud Posted November 30, 2017

Yeah, and this quick fix breaks File Sharing... For once (only once) I think Apple is sort of sub-par here. Anyways, they've issued a tech note to fix the file sharing bug that their security fix has now created...

https://support.apple.com/en-us/HT208317

Eric Cardenas (Author) Posted November 30, 2017

There's a patched version of the fix out now, so you can either follow the link that Arnaud provided or apply the patch again to fix the file sharing issue.

angelonyc Posted November 30, 2017

Why hire programmers to debug, when the paying customers do it for free?

David Nahmani Posted December 1, 2017

> Why hire programmers to debug, when the paying customers do it for free?

I think you mean to beta-test.