Apple fixes root password bug

Nov 30, 2017, 12:37
Apple fixes root password bug

As our reliance on tech gadgets increases, we are prone to be attacked at some point or the other.

For those who do have High Sierra on their Macs and have experienced this bug, the best course of action is, as Apple says, to create a root password.

In short, setting a genuine root user and making a password for it puts you back in control and plugs up this blank password flaw.

Experts also warn against trying out the bug for yourself, as once enabled the flaw can then be more easily exploited even on a locked Mac. However, the hack can also be performed while the Mac is left unattended while logged into the main user's account.

Apple has frequently marketed itself as providing a superior, more secure operating environment than you find in the PC universe (whether this is actually true or merely reflects Apple's relatively small market share is an argued question).

Videos posted online show people in the users and groups box typing the username "root" at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.

"Even so, all Mac owners would be well advised to install the resultant patch, just as soon as it becomes available".

Apple now says that it is working on a fix for what is a serious security issue. Click the lock icon and enter your administrator name and password. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter.

Apple's own statement on Wednesday said the company's security team were not made aware of the problem until 28 November - though it is not clear if another department at the company was aware. In addition, if a Mac user has "screen sharing" enabled, perhaps from a previous IT support issue, the root login can be used to remotely view the users screen without them knowing, or login remotely. Click Login Options, then click Join (or Edit). Then, click on Open Directory Utility and select Edit option in Mac's menu bar that will prompt you for a password.