Serious macOS High Sierra Security Fix

Update: Apple has since released security update 2017-001 which will fix this issue without having to reset your root password.

A serious security flaw in macOS High Sierra allows an attacker to get root access with no password. If you go into system preferences and authenticate, all you have to do is type in root as the user and no password.

To fix this, simply change your root password:

Change the root password
  1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
  2. Click lock icon, then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click lock icon in the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility, choose Edit > Change Root Password…
  8. Enter a root password when prompted.

(Source: https://support.apple.com/en-us/HT204012)

Be the first to comment

Leave a Reply