There's an embarrassing and unsafe security hole in the latest Mac software

Share

That is the full Unix root account, which has superuser privileges that enable it to see and modify any file in any account. In our tests, this works regardless of whether the current user is an administrator or not. You can do this from the user login screen. Select Open Directory Utility click the lock icon in the Directory Utility window then enter your admin name and password again.

Without explaining what the actual bug is (we don't want to make it any easier for potential hackers than this already is, and you can find it on Twitter pretty easily), someone can login to a Mac by typing a word in the login field, leaving the password field blank, and attempting to log in several times. And, as most security experts would attest, physical access will eventually trump any logical security you may have in place. I've confirmed that if you have Screen Sharing (or Remote Management) enabled in System Preferences Sharing, someone can connect to your Mac over the local network or, depending on your Internet setup, the outside world. There are likely many more ways that someone taking advantage of the issue could wreak havoc on a Mac desktop or laptop.

To protect your computer, you'll need to create a root password.

Apple has not yet officially fixed - let alone commented on - this critical bug.

Currently, there is no official fix from Apple regarding the issue.

TIME Magazine Refutes Donald Trump's 'Person of the Year' Claim
A Time Inc spokesperson confirmed to the Washington Post earlier this year that the magazine has never published such an issue. In 2012, 2014 and 2015, he even complained about not being picked - on Twitter , of course.

Enter "root" again with no password. Users can prevent an attacker from exploiting a bug by creating a "root" account themselves and giving it a custom password.

Once in the "Join" menu, click on "Open Directory Utility".

The workaround right now according to the Twitterverse, is to set a root user password.

Let us know how it goes for you, and stay tuned for Apple's macOS update soon...

Share