Security Issue For macOS High Sierra Users

Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages
Filter by Categories
Newsletter

High Sierra Bug: Root user

There is a serious flaw in macOS High Sierra that allows an unauthorised user to log in to your computer as “root”.

The “root” user is a special user that has the highest administration rights.

This only affects High Sierra (10.13) users and doesn’t effect Sierra (10.12) or earlier users. To establish if you are running High Sierra, go to the Apple menu, and select “About This Mac”.

You can read about it in more detail here:

https://www.itnews.com.au/news/macos-gives-users-fulladmin-rights-without-password-478686

This is a very serious security risk. To mitigate against it, until Apple issues a security update, you need to set a password for the “root” account. If you are unsure how to do this, please contact us and we will be happy to help you.

High Sierra Bug: Root user UPDATE

Apple has released Security Update 2017-001. Please install this update as quickly as possible.

You will need to go to the ‘App Store’ and click on ‘Updates’ at the top right-hand corner of the window.macOS High Sierra Security update

Add password to ‘Root’ User

Should you wish to add a password to this. Here are the steps:

  1. Go to the Apple icon and open System Preferences and click on “Users & Groups”.
  2. Click on the lock to make changes. Making sure that the padlock is unlocked. It will prompt for a User Name and Password.
Screenshot of users & groups

3. Select “Login Options”, located on the bottom left-hand side of the window.

4. Click on “Join” at the bottom of this same window.

5. Click on “Open Directory Utility”

screenshot for users & Groups at Server

6. Click on the lock to make the change. It will prompt for your User Name and Password.

7. At the top of the menu bar, select “Edit” and click on “Enable Root User”.

8. You will then be prompted to enter a password for the root user account, thus preventing access with a blank password.

screenshot for password for root user