If you’re running the latest variation of MacOS, High Sierra, then a security flaw has been reported that, thanks to the person in question Tweeting it publicly, you need to deal with now.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
What’s the flaw?
It’s possible to sign into a MacOS device with the user name ‘root’, leaving the password blank and then pressing Enter ‘a few times’. You can do this from the main login screen or from any prompt box that asks for your credentials (e.g. when installing software).
The user account ‘root’ is a superuser with read and write privileges to more areas of the system, including files in other MacOS user accounts. This flaw allows anybody with physical access to your computer to gain entry, opening up many opportunities for mischief.
It was actually reported in the Apple Developer forums two weeks ago but was not acknowledged by anyone at Apple at the time.
What can I do?
If it’s possible for somebody to gain physical access to your laptop, you should immediately add a password to your ‘root’ user. For most people, this will be the easiest way to do it:
- Click on Spotlight (top right hand corner), search for and open ‘Directory Utility’
- Click the lock icon to make changes, which will prompt you to log in with your administrator account
- In the top menu bar, select Edit -> Enable Root User (if you can’t find this option, it may already be enabled – proceed to the next step)
- Click Edit -> Change Root Password…
- Set a password
If you’re adept at using Terminal, however, you can do the above using the command:
sudo passwd -u root
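As an added check (example code written for this page, not Apple’s or the original article’s), here is a small POSIX shell script that tells you whether the root account on a Mac has been enabled, which is the state the flaw leaves behind once a blank-password root login has succeeded. It assumes that dscl reports ‘No such key’ for AuthenticationAuthority while root has never been enabled, and a ShadowHash entry once a password record exists for root. The sample outputs in the script are constructed so it runs on any system; passing --live runs the real query on a Mac.

```shell
#!/bin/sh
# Added example (not code from the original article). Audits whether the
# "root" account on a Mac is enabled, which is the state the flaw leaves
# behind once someone has logged in as root with a blank password.
# Assumption: `dscl . -read /Users/root AuthenticationAuthority` prints
# "No such key" while root has never been enabled, and a line containing
# ";ShadowHash;" once a password record exists for root.

# classify_root_auth: map dscl output to one of disabled | enabled | unknown
classify_root_auth() {
  case "$1" in
    *"No such key"*) echo disabled ;;
    *ShadowHash*)    echo enabled ;;
    *)               echo unknown ;;
  esac
}

# advice: what to do for each state, as a single line of text
advice() {
  case "$1" in
    enabled)  echo "root is enabled: set a strong root password (Directory Utility or sudo passwd -u root) and install Apple's fix" ;;
    disabled) echo "root is disabled: install Apple's fix so a blank-password login cannot enable it" ;;
    *)        echo "could not classify root state; inspect the dscl output manually" ;;
  esac
}

# check_live_root: run the real query; only meaningful on macOS
check_live_root() {
  if ! command -v dscl >/dev/null 2>&1; then
    echo "dscl not found: this is not a macOS host" >&2
    return 2
  fi
  out=$(dscl . -read /Users/root AuthenticationAuthority 2>&1)
  state=$(classify_root_auth "$out")
  echo "root account state: $state"
  advice "$state"
}

# Constructed sample outputs (not captured from a real machine) so the
# classifier can be exercised on any system.
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

if [ "${1:-}" = "--live" ]; then
  check_live_root
else
  for s in "$SAMPLE_DISABLED" "$SAMPLE_ENABLED"; do
    state=$(classify_root_auth "$s")
    echo "$state: $(advice "$state")"
  done
fi
```

Run it with --live on each Mac you manage; an ‘enabled’ result on a machine where nobody deliberately enabled root is worth investigating, and in either case the fix from Apple should be installed.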
What’s Apple doing about it?
A fix is now available from Apple, downloadable from the App Store. It takes just minutes to install and doesn’t require a reboot.
Are there any known issues with the fix?
Apple did well in rushing out a solution as quickly as possible but, almost inevitably, it’s come with some minor issues.
- If you’re still on the initial release of High Sierra (10.13) and you install the patch, then later update to 10.13.1, the flaw will return. You’ll need to install the patch again and perform a manual reboot afterwards.
- After installing the fix, some users are finding that they’re unable to authenticate or connect to file shares. If this affects you, please see below for the fix to the fix…
How to fix file sharing
If you’ve installed the fix but now find you’re having problems with file shares, here’s how to resolve this…
- Open the Terminal app
- Type the following and press Enter:
sudo /usr/libexec/configureLocalKDC
- Enter your administrator password and press Enter
And… you’re all done and can celebrate making it through another security flaw.