Massive Vulnerabilityĭue to the nature of this vulnerability, it means a user accessing the system as root can get access to your Keychain passwords, meaning you’ll need to change your credentials on any sites, apps or computers that are saved in your Keychain. Many users have confirmed the vulnerability and vented their frustration at yet another problem on the Apple OS. Anyone attempting to logging into a Mac running macOS High Sierra can gain access to the computer by entering the user name root and leaving the password. Click EDIT and select DISABLE ROOT USER if it’s available.When complete, the computer will automatically reboot. At the MacOS Utilities screen, choose Disk Utility. At the boot drive selection, select the macOS High Sierra installer drive. Choose system drive for install (Example: Macintosh HD). With the MacOS High Sierra boot drive connected to the Mac, reboot the computer and hold down the OPTION / ALT key until you see the Startup Manager screen. Please note, the Application will disappear after use. Enter a secure password for the root account Download Install macOS High Sierra Application from the Mac App Store.Click EDIT and choose CHANGE ROOT USER PASSWORD.Click the padlock icon and enter administrators credentials again.Click the padlock icon and enter an administrators credentials.Go to the Apple Menu and select SYSTEM PREFERENCES. One possible workaround to prevent unauthorised use of the root user is to add a password to the root user account: Even after a restart, or with a super-complex password, users are able to bypass the security and access the computer. It’s likely Apple will be very quickly rolling out a patch to fix this oversight, but in the meantime you should consider your Mac to be essentially unlocked while you are not using it. It appears that you don’t need a password to access the new OS and access a users data, using the ‘root’ user account with no password allows you access to any Mac running High Sierra. Apple’s latest OS for Mac has been shipped with a major security hole that renders it venerable to access by anyone at the console, including access to your supposedly secure passwords in the Keychain.
0 Comments
Leave a Reply. |