Safeguard against macOS High Sierra Root Login Security Bug

Summary

macOS High Sierra users warn yourself, there is a root login security bug lurking in the boot login screen that compromises the security of your computer with root access. The blog provides tried and tested solutions to fix this issue. To know, read on.

There is a bug in High Sierra that allows anyone to bypass root login just by clicking other on the login screen, typing root, and then clicking on unlock twice without the need for password authentication. This is a major security vulnerability, and attackers could compromise Mac security and data. If Mac data has been deleted by an unauthorized person using the flaw, users are recommended to use a Mac data recovery software to recover the lost data.

In case your Mac is running on macOS High Sierra 10.13.1, certainly, you are vulnerable to this flaw. Apple has released a fix within 24 hours after its revelation. Just install the Security Update 2017-001. To install the fix, go through the following steps:

  1. Go to Apple menu, then click on App Store
  2. Click the Updates tab to find Security Update 2017-001
  3. Click the UPDATE button on the screen showing Security Update

The update immediately applies to the Directory Utility application in macOS. You do not need to reboot your Mac for security update changes to take effect. After the update, your macOS High Sierra possesses the build number 17B1002. The bug is not impacted on macOS Sierra 10.12.6 and earlier, so these users do not need to fear.

Looking at the seriousness of the vulnerability, Apple has started pushing the update automatically. To check whether the update is present on your Mac, just go through the following steps:

  1. Go to Apple menu, then click on About This Mac
  2. Under macOS High Sierra, click the Version text
  3. Build number appears beside version, verify the same
  4. Alternately, use Terminal and type sw_vers

If your version is prior to 17B1002, then you need to manually install the fix as discussed above. If your version is the same or subsequent to 17B1002 then you are safe.

Stay safe and create a root password to stop any unauthorized access either through Directory Utility or via Terminal as explained in the succeeding section:

To change root password using Directory Utility:

  1. Go to Spotlight, type Directory Utility to search, and hit return
  2. Under Directory Utility, click the lock icon for editing
  3. Click Edit from the menu bar and select Change Root Password
  4. Click OK after entering a password and verifying the same
  5. Close Directory Utility
  6. If Root User account is disabled, then enable the same from Edit and set password

To change root password using the command line:

  1. Use Terminal and type sudo passwd root
  2. Authenticate using the admin password and hit return
  3. Type a new password and hit return
  4. Type the password again to confirm and hit return

Once your password for root is changed, the security vulnerability present in macOS High Sierra will not affect you, as now no one can access root without entering the password. Furthermore, it is advisable to create a strong password.

In the event of data loss due to your Mac system security breach, you can use Stellar Mac Data Recovery – Professional to recover your lost data. The steps to perform the recovery process is as follows:

Step 1. Download, install and launch the software on your Mac

Step 2. Use the software’s interface to recover your lost data

Stellar Mac data recovery

Step 3. Save the recovered data in an external storage device to avoid overwriting

Yes, you’ve saved your data. Also, make a habit of backing up data regularly using Time Machine. This will ensure you will get back your data at the time of disaster.

Synopsis

The blog points out a serious security vulnerability in macOS High Sierra in which anyone can access Mac machine from login screen using root and no password. The blog provides few tips to fix and stop the root access. If your system is compromised and data is intentionally deleted, you can positively recover through Stellar Mac Data Recovery – Professional. The software is powerful enough to handle any kind of logical failure to access your data.

Comments(6)
  1. Gabriel Peck May 22, 2018
    • Vishal May 23, 2018
  2. Ziggy January 9, 2018
    • Shailendra Kumar January 15, 2018
  3. Mark Rogers December 21, 2017
    • Shailendra Kumar December 28, 2017

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.