Among all the new releases from Apple in 2017, macOS High Sierra is a notable one. It’s the latest version of macOS being introduced by Apple and comes with quite a few amazing features. However, lately a major security bug has been detected in the operating system that is believed to allow anyone to access a mac with root login. This means anyone who access the Mac as a result of this vulnerability will have full administrative access without the need of a password. Now that’s something serious from security point-of-view and should be fixed with software update and Apple will surely come up with one soon.But you really need to do something to make your Mac secure before that official update arrives. Read on to find out how you can make your Mac secure.
Jump To Section:
- Detailed Overview Of Root Login Bug
- How To Find Out If The Security Bug Is Affecting Your Mac
- How To Avoid Root Login To Your macOS High Sierra?
- Does This Bug Also Affect macOS Sierra, El Capitan And Earlier Too?
Detailed Overview Of Root Login Bug
Now, before we get on with the options available for quick-fixing the security problem, let’s take a look at what this bug is all about and what makes it most important. Well, as mentioned earlier, the bug allows anyone to use ‘Root’ as username for getting root access to your Mac without even entering a password. This type of login is possible directly from the user login screen that is generally shown on your Mac at the time of boot, from System Preferences panel where authentication is usually required, and even over Remote Login and VNC if both of them are enabled. All these scenarios give complete access to the affected Mac to anyone who doesn’t even know the administrator password.
And when someone gets root access, they get highest system privileges possible. Root access gives all the administrative capabilities to the person who exploits the security hole along with unrestricted access to system level files or other components.
If you are thinking who will be affected by this security bug them the answer is anyone who is running macOS High Sierra versions 10.13, 10.13.1 and 10.13.2 betas and hasn’t enabled root account before or changed the password to root account previously. Now, this covers most of the Mac users who have shifted to macOS High Sierra when it was made available publicly.
Though it’s a serious issue, you can easily prevent the security glitch by following any of the below mentioned procedures. You just have to set root password and make your Mac secure.
How To Find Out If The Security Bug Is Affecting Your Mac
As it appears, all the machines running macOS High Sierra are affected by the security bug. However, you can easily check out if your Mac is affected or not. Just try root login without password and if you get root access that means you’re affected.
This can be done through boot login screen as well as admin authentication panel that you can find in the System Preferences section.
Just enter ‘root’ as user and don’t enter password before clicking ‘Unlock’ a couple of times. Again, if your device is impacted by the security bug then you will be able to login with root privileges. Remember to hit ‘Unlock’ a couple of times as in first try it will setup your root account having no password, and in second try it will log you in with complete root access.
How To Avoid Root Login To Your macOS High Sierra?
Basically, there are a couple of approaches that you can take for preventing this root login security breach on your Mac. It can be done either through command line or by using Directory Utility. Both these methods are described here in detail. You may find Directory Utility option a bit easier as it uses graphical interface completely. So, let’s get on with these options without wasting any time.
-
Locking Down Root Access With Directory Utility
Here are the steps that you will have to follow for locking down root access through Directory Utility on your macOS High Sierra.
- Launch Spotlight search by pressing Command+Spacebar on your Mac. You can also use Spotlight icon available in menu bar as well.
- Once it opens, type ‘Directory Utility’ in it and press enter to launch it.
- Click on that small lock icon that you can see towards the corner to authenticate with admin login
- Pull down ‘Edit’ menu now and select ‘Change Root Password’. If you haven’t enabled root account yet then select ‘Enable Root User’ first and then set up a new password.
- Now, provide password for root account and clock ‘OK’ after confirmation.
- Close Directory Utility and leave.
Once you are done, getting root access to your Mac will need password which is actually the normal procedure. If this process is not used for explicitly assigning the password to your machine, macOS High Sierra would give anyone access to the root account without any password at all.
-
Assigning Root Password Through Command Line
If you don’t want to use Directory Utility, it is still possible for you to change root password. You can use command line as an alternate. All it takes is a couple of simple commands and you’ll be all good. Here are the steps to follow.
- Open Terminal application that you can find in the /Applications/Utilities/
- Type in the exact code given below into your Terminal window and then press Enter:
sudopasswd root
- Now you will have to enter admin password for authentication purposes and press Enter again.
- Next enter a New password and press Enter, and then confirm the new password by typing it again.
Make sure that you set an easily memorable root password so that you may not end up forgetting it.
Does This Bug Also Affect macOS Sierra, El Capitan And Earlier Too?
As of now, the reports suggest that this security bug is only affecting macOS High Sierra 10.13.x. Earlier versions seem to be safe as no instances are reported.
In addition, even your macOS High Sierra may be safe if you had enabled root previously through Directory Utility or Command Line or maybe if you had changed root password before.
Nevertheless, Apple has already recognized the issue and is working on a particular security update which can be expected sometime soon. However, before that security update comes out, you can use any of the above mentioned methods for keeping your Mac safe from any kind of security breach and avoid unauthorized access if it is running macOS High Sierra.
Check Other Topics: