Security Flaw in MacOS High Sierra

A few hours ago we learned that a security bug has been discovered in the latest version of the operating system developed by the famous brand of the bitten apple.

The new version of macOS, High Sierra, has a security flaw.

The flaw

The problem gives an advantage to anyone who has physical access to your computer and wants to gain unauthorized access to it while you are not nearby. Such a person can easily obtain administrative (root) access to your device just by playing with the account settings, without knowing your password.

The issue allows anyone who can operate your Mac in an unguarded moment to create new users, change settings and install software on your system without any limitation.

You can reproduce the issue in System Preferences, in the Users & Groups area. At the bottom of that window there is a lock icon that unlocks the user management options. Click on the lock icon and log in with the username “root”, leaving the password field empty. This gives you complete control of the computer as an administrator, so you can modify the system's users or create new ones to grant future access to the device.

The solution

If you have not yet updated macOS to version 10.13 or 10.13.1, do not update it and you will not have anything to worry about.
I recommend that you do not upgrade to High Sierra until Apple releases the security update.

If you have already upgraded your system, you may want to take some steps to contain the flaw.

  • Apple itself published some suggestions to fix the problem here.
  • If you are familiar with the Terminal, you can manually set a password for the root user to fix the problem.
    If this is the solution you decide to follow:

    1. Open the Terminal (that strange window with a white background, some words and a blinking black dash)
    2. Type sudo passwd -u root
    3. Then enter the password you want to assign to your computer administrator (if possible, a password that you will not forget after 3 minutes)
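
To check whether a Mac still needs the workaround above, this added example (not from Apple or from the author of this article) combines the macOS version with the state of the root account's directory record. The function names are hypothetical and the sample outputs in the comments are constructed; it assumes that a disabled root account has no AuthenticationAuthority key in its record.

```shell
#!/bin/sh
# Added example: does this Mac still need the root-password workaround?

# Succeeds (exit 0) for the versions the article names as affected.
is_affected_version() {
    case "$1" in
        10.13|10.13.1) return 0 ;;
        *)             return 1 ;;
    esac
}

# Classifies the text printed by:
#   dscl . -read /Users/root AuthenticationAuthority
# Constructed samples:
#   "No such key: AuthenticationAuthority"            -> disabled
#   "AuthenticationAuthority: ;ShadowHash;HASHLIST:…" -> enabled
root_state() {
    case "$1" in
        *"No such key"*) echo disabled ;;
        *ShadowHash*)    echo enabled ;;
        *)               echo unknown ;;
    esac
}

# $1 = macOS version, $2 = dscl output. Prints one verdict:
#   not-affected         version is not 10.13 or 10.13.1
#   exposed              affected version, root has no password set
#   check-root-password  root is enabled: confirm that you set its password
#   unknown              dscl output was not recognised
assess() {
    if ! is_affected_version "$1"; then
        echo not-affected
        return 0
    fi
    state=$(root_state "$2")
    case "$state" in
        disabled) echo exposed ;;
        enabled)  echo check-root-password ;;
        *)        echo unknown ;;
    esac
}

# Live check, only on a machine that has the macOS tools.
if command -v sw_vers >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    assess "$(sw_vers -productVersion)" \
           "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)"
fi
```

A verdict of check-root-password on a machine where you never set a root password yourself means someone else enabled the account, so set a new password with the steps above and review the list of users.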

Apple will release the next update shortly, and that should patch the flaw.

Apple’s Bulletin

If you are looking for more details, here is the official report on the problem released by Apple itself: Link to the Bulletin.