How to protect yourself from the massive macOS High Sierra security vulnerability
So your macOS High Sierra-running machine is vulnerable to hackers. Like, really vulnerable.
Thankfully, there's a simple way to protect yourself — so long as you can follow a seven-step process laid out Tuesday by Apple. (Update: Apple has released an official patch.)
News broke Nov. 28 on Twitter that an attacker could gain root-user access to an unlocked computer simply by typing "root" into the "User Name" field, leaving the password field blank, and hitting "enter" while in the "Users & Groups" section of "System Preferences."
This Tweet is currently unavailable. It might be loading or has been removed.
To make matters worse, if a computer had screen sharing enabled, this could reportedly be exploited remotely.
This Tweet is currently unavailable. It might be loading or has been removed.
Apple is currently scrambling to issue a fix, but in the meantime it published instructions on how to protect your computer.
“We are working on a software update to address this issue," the company said in a statement. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012."
When you click through the link, you find those aforementioned seven steps.
1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
2. Click [lock icon], then enter an administrator name and password.
3. Click Login Options.
4. Click Join (or Edit).
5. Click Open Directory Utility.
6. Click [lock icon] in the Directory Utility window, then enter an administrator name and password.
7. From the menu bar in Directory Utility:
* Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
* Or choose Edit > Disable Root User.
Easy right? But wait, there's more. "If a Root User is already enabled," the Apple statement continues, "to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
Those eight steps are:
1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
2. Click [lock icon], then enter an administrator name and password.
3. Click Login Options.
4. Click Join (or Edit).
5. Click Open Directory Utility.
6. Click [lock icon] in the Directory Utility window, then enter an administrator name and password.
7. From the menu bar in Directory Utility, choose Edit > Change Root Password…
8. Enter a root password when prompted.
So there you have it. Until Apple releases an official patch, you'll just have to clean up its mess on your own.
UPDATE: Nov. 29, 2017, 11:03 a.m. PST This story has been updated to note that Apple released an official patch.
Topics Apple Cybersecurity
