Preventing macOS root access

A huge security issue in macOS High Sierra has just been revealed on Twitter by Lemi Orhan Ergin:

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra.
Anyone can login as "root" with empty password after clicking on login button several times.
Are you aware of it @Apple?

I've been able to confirm this on my machine.
This issue occurs when you try to unlock a secure preferences item from the System Preferences app.

This is really bad, as it allows someone with a physical access to the machine to alter any system setting, like changing user passwords, adding admin users, or even decrypting FileVault volumes.

I hope Apple will react soon, providing an update, but in the meantime, here's a simple way to prevent this issue:

Open a new Finder window, and navigate to the /System/Library/CoreServices/Applications directory.
Here you will find an app named Directory Utility.app.

Open it, and unlock it by using the lock icon at the bottom-left of the window.

Directory Utility

Then, from the application's Edit menu, choose Enable root user.

Directory Utility Menu

This will allow you to set a password for the macOS root user.
At this point, the security issue will no longer happen.

Comments

Author
Mashatep
Date
10/13/2017 11:30
This message is posted here using XRumer + XEvil 4.0

XEvil 4.0 is a revolutionary application that can solve any antibot protection.
Captcha Recognition Google (ReCaptcha-1, ReCaptcha-2), Facebook, BING, Hotmail, Yahoo,
Yandex, VKontakte, Captcha Com - and over 8.4 million other types!

You read this - it means it works! ;)
Details on the official website of XEvil.Net, there is a free demo version.

Check YouTube video "XEvil ReCaptcha2"

Add a comment

Preventing macOS root access

Author
Jean-David Gadina
Date
11/26/2017 21:40
Category
Security
Comments
1
Copyright © Jean-David Gadina
This article is published under the terms of the FreeBSD Documentation License.