MacOS root problems
Apple’s latest OS for Mac has shipped with a major security hole that leaves it vulnerable to access by anyone at the console, including access to your supposedly secure passwords in the Keychain.
Locked is not secure
It appears that you don’t need a password to access the new OS and a user’s data: using the ‘root’ user account with no password gives you access to any Mac running High Sierra.
It’s likely Apple will be very quickly rolling out a patch to fix this oversight, but in the meantime you should consider your Mac to be essentially unlocked while you are not using it. Even after a restart, or with a super-complex password, users are able to bypass the security and access the computer.
One possible workaround to prevent unauthorised use of the root user is to add a password to the root user account:
- Go to the Apple Menu and select SYSTEM PREFERENCES
- Click on USERS & GROUPS or ACCOUNTS
- Click the padlock icon and enter an administrator’s credentials
- Click LOGIN OPTIONS
- Click JOIN or EDIT
- Click OPEN DIRECTORY UTILITY
- Click the padlock icon and enter an administrator’s credentials again
- Click EDIT and choose CHANGE ROOT USER PASSWORD
- Enter a secure password for the root account
- Click EDIT and select DISABLE ROOT USER if it’s available
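To confirm the result of the steps above from Terminal, the following added example (not part of the original article) classifies the root account from the output of dscl. It assumes a disabled root account shows "Password: *" with no AuthenticationAuthority key and an enabled one lists a ShadowHash entry; the function name and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the macOS root account is enabled.
# Assumption: a disabled root has "Password: *" and no
# AuthenticationAuthority key; an enabled root lists ShadowHash.

# root_state TEXT -> prints "enabled", "disabled" or "unknown"
root_state() {
    out=$1
    if printf '%s\n' "$out" | grep -q 'ShadowHash'; then
        echo enabled
    elif printf '%s\n' "$out" | grep -Eq '^Password: \*$'; then
        echo disabled
    else
        echo unknown
    fi
}

# Constructed samples of:
#   dscl . -read /Users/root Password AuthenticationAuthority
SAMPLE_DISABLED='No such key: AuthenticationAuthority
Password: *'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
Password: ********'

# On a Mac, query the local directory node; elsewhere do nothing.
if command -v dscl >/dev/null 2>&1; then
    live=$(dscl . -read /Users/root Password AuthenticationAuthority 2>&1)
    state=$(root_state "$live")
    echo "root account: $state"
    if [ "$state" = enabled ]; then
        # Terminal equivalents of the last two steps in the list above
        echo "set a password:  sudo passwd root"
        echo "or disable root: dsenableroot -d"
    fi
fi
```

An "enabled" result on a Mac where nobody turned the root user on deliberately is worth investigating before setting the password.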
Many users have confirmed the vulnerability and vented their frustration at yet another problem on the Apple OS.
Massive Vulnerability
Because a user accessing the system as root can get access to your Keychain passwords, you’ll need to change your credentials on any sites, apps or computers that are saved in your Keychain.
When MacOS High Sierra was launched, it had another password vulnerability that meant passwords in the Keychain could be extracted.