« GhostCtrl Malware Targets Android Users | Main

Wednesday, November 29, 2017

MacOS High Sierra Root Exploit

Turkish software developer Lemi Orhan Ergin has discovered a very serious flaw in the latest macOS, High Sierra that allows anyone with local (and/or possibly, remote) access to the machine to log in as the “root” user without supplying a password. Until Apple patches this flaw you must change the root account’s password NOW. Open up a Terminal (in the Spotlight search box just type “terminal”) and type “sudo passwd root”.

Note that disabling the root account does not fix the problem because the exploit actually causes the account to be re-enabled.

Posted by Matthew Carrick at 10:30.20 AM EST | Permanent Link

| Categories: All Things Mac, Best Practices, Security Alerts