Apple’s latest macOS, High Sierra, have come under scrutiny for its security flaws. According to a tweet, there is a security bug in High Sierra OS that allows anyone with physical access to your Macintosh PC gain root access without the need of entering the password.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use “root” with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
A hacker, in an unlocked computer, just have to type “root” into the “User Name” field, leaving the password field blank, and hitting “enter” while in the “Users & Groups” section of “System Preferences”. This will authenticate them to “System Administrator” account, where they can see all your files, folders and documents, and even change your pre-existing username and password.
Also Root: How to Change Theme of On-screen Navigational Bar On Any Phone
How to Restrict Anyone Gaining Root Access in macOS High Sierra?
Well, as soon as High Siera security vulnerability was made public, Apple quickly responded to it by ensuring that a security patch is on its way and will be fixed by software update very soon. For the meantime, Apple published a step-by-step guide that users can perform now to protect their Macintosh from any threat.
This is what you need to do:
Enable or disable the root user
- Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
- Click,(lock icon) then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click (lock icon) in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility:
- Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
- Or choose Edit > Disable Root User.
If Root User is enabled, you have to set a password, separately to ensure a blank password is not set. Follow the instructions from the ‘Change the root password’ section to set your Root password.
Change the root password
- Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
- Click (lock icon), then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click (lock icon) in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility, choose Edit > Change Root Password…
- Enter a root password when prompted.
So, until Apple releases the security patch, you can use these steps to safeguard your system from getting exposed to hackers.
