Apple's latest OS Upgrade 'High Sierra' reportedly has a major security flaw in which the default root user is left with no password.  This rare oversight leaves any Apple computer that has been upgraded to the latest OSX version open to hackers, and malicious software that can be installed without needing a password.

Apple Insider reports that Apple will be releasing a fix soon, but they have not done so yet.  The Loop's Jim Dalrymple and iMore's Rene Ritchie, Apple says it is crafting a patch for a major macOS High Sierra security hole that grants root level access to a logged-in Mac.

"We are working on a software update to address this issue," Apple said. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."

As reported by Buzzfeed, the current workaround is to enable the root account, and keep it enabled with the password of your choice. Here's how:

  • Go to System Preferences > then click Users & Groups (or Accounts).
  • After you click the lock icon, enter your admin name and password. Click Login Options > then click Join (or Edit).
  • Select Open Directory Utility > click the lock icon in the Directory Utility window > then enter your admin name and password again.
  • When Directory Utility opens in a new window, go to the menu bar and select Edit > Enable Root User, then enter a password for the root user.

However our tech's have a quicker way to fix this issue, and we encourage any of our clients to contact a tech if you have recently updated your Mac to High Sierra so we can make sure your system is secure.

As per Natural Network's Managed IT services, our IT clients can have peace of mind in knowing that we are able to fully manage their Windows and Mac based systems.

UPDATE

Apple has released a patch earlier which has resolved this security vulnerability.  Please read more about this update here: https://support.apple.com/en-us/HT208315