Security Issue For macOS High Sierra Users

High Sierra Bug: Root user

There is a serious flaw in macOS High Sierra that allows an unauthorised user to log in to your computer as “root”.

The “root” user is a special user that has the highest administration rights.

This only affects High Sierra (10.13) users and doesn’t affect Sierra (10.12) or earlier users. To establish if you are running High Sierra, go to the Apple menu, and select “About This Mac”.

You can read about it in more detail here:

https://www.itnews.com.au/news/macos-gives-users-fulladmin-rights-without-password-478686

This is a very serious security risk. To mitigate it until Apple issues a security update, you need to set a password for the “root” account. If you are unsure how to do this, please contact us and we will be happy to help you.

High Sierra Bug: Root user UPDATE

Apple has released Security Update 2017-001. Please install this update as quickly as possible.

You will need to go to the ‘App Store’ and click on ‘Updates’ at the top right-hand corner of the window.

Add password to ‘Root’ User

Should you wish to add a password to the root user, here are the steps:

1. Go to the Apple icon, open System Preferences and click on “Users & Groups”.

2. Click on the lock to make changes, making sure that the padlock is unlocked. It will prompt for a User Name and Password.

3. Select “Login Options”, located on the bottom left-hand side of the window.

4. Click on “Join” at the bottom of this same window.

5. Click on “Open Directory Utility”.


6. Click on the lock to make the change. It will prompt for your User Name and Password.

7. At the top of the menu bar, select “Edit” and click on “Enable Root User”.

8. You will then be prompted to enter a password for the root user account, thus preventing access with a blank password.
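To confirm from Terminal whether a Mac still needs the steps above, the following added example (not part of the original article) classifies the macOS version and the root account's state. The function names are hypothetical, and the reading of the `dscl` output is an assumption: a root account that was never given a password has no `AuthenticationAuthority` attribute, while one with a password lists `ShadowHash`.

```shell
#!/bin/sh
# Added example: triage helpers for the High Sierra root-account issue.
# Each function takes its input as an argument so it can be checked offline.

# Return 0 if the version string is macOS 10.13 or 10.13.x (High Sierra).
is_high_sierra() {
    case "$1" in
        10.13|10.13.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify the text printed by:
#   dscl . -read /Users/root AuthenticationAuthority
# Assumption: no attribute means no root password has ever been set.
root_state() {
    case "$1" in
        *DisabledUser*)  echo "disabled" ;;
        *ShadowHash*)    echo "password-set" ;;
        *"No such key"*) echo "no-password" ;;
        *)               echo "unknown" ;;
    esac
}

# Combine both checks into a single verdict.
triage() {
    state=$(root_state "$2")
    if ! is_high_sierra "$1"; then
        echo "not-affected"
    elif [ "$state" = "no-password" ]; then
        echo "at-risk"
    elif [ "$state" = "password-set" ]; then
        echo "password-set"
    else
        echo "check-manually"
    fi
}

# On a Mac, read the live values; on other systems this part is skipped.
if command -v sw_vers >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    ver=$(sw_vers -productVersion)
    auth=$(dscl . -read /Users/root AuthenticationAuthority 2>&1)
    echo "macOS $ver: $(triage "$ver" "$auth")"
fi
```

A verdict of `at-risk` means the machine is on High Sierra and the root account has no password; install the security update and set a root password as described above.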
