Author Picture

Major announcement reveals a critical flaw in Apple’s operating system.

From The Verge:

There’s a major flaw in Apple’s macOS High Sierra operating system that allows anyone with physical access to a Mac to gain system administrator access without so much as entering a password. Late Tuesday, Apple confirmed that it’s working on a software update to fix the issue and published step-by-step instructions to help customers protect their machines in the meantime.

The vulnerability was publicly disclosed on Twitter this afternoon; it’s not clear whether the problem was privately reported to Apple ahead of time, which is the encouraged practice when security vulnerabilities are uncovered.

Here is Apple’s response. Please see https://support.apple.com/en-us/HT204012 for complete details:

Enable or disable the root user

apple root security flaw

Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
Click lock icon, then enter an administrator name and password.
Click Login Options.
Click Join (or Edit).
Click Open Directory Utility.
Click lock icon in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility:
Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
Or choose Edit > Disable Root User.
Log in as the root user

When the root user is enabled, you have the privileges of the root user only while logged in as the root user.
Choose Apple menu > Log Out to log out of your current user account.
At the login window, log in with the user name ”root” and the password you created for the root user.
If the login window is a list of users, click Other, then log in.
Remember to disable the root user after completing your task.
Change the root password

Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
Click lock icon, then enter an administrator name and password.
Click Login Options.
Click Join (or Edit).
Click Open Directory Utility.
Click lock icon in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility, choose Edit > Change Root Password…
Enter a root password when prompted.
Published Date: Nov 28, 2017

About The Author

Get a Free Assessment

Let's make a plan for growing your business with the support of managed IT services. Complete the form to request a consultation and get started.

Scroll to Top