Wednesday, November 29, 2017
MacOS High Sierra Root Exploit
Turkish software developer Lemi Orhan Ergin has discovered a very serious flaw in the latest macOS, High Sierra that allows anyone with local (and/or possibly, remote) access to the machine to log in as the “root” user without supplying a password. Until Apple patches this flaw you must change the root account’s password NOW. Open up a Terminal (in the Spotlight search box just type “terminal”) and type “sudo passwd root”.
Note that disabling the root account does not fix the problem because the exploit actually causes the account to be re-enabled.