This isn’t so much a photography related post, but a PSA for photographers, video professionals, or anybody else who uses a Mac. If you’ve updated to the latest version of High Sierra – 10.13.1 (17B48) – prepare yourself for a shock. This is a big one.
It turns out there’s a big gaping security hole that allows anybody with physical access to your computer to get root access to your entire system. And it doesn’t take any kind of “hacking” skill at all. While Apple will no doubt fix it quite quickly there is something you can do to resolve the issue yourself in the meantime.
To gain access to your system, essentially all somebody needs to do is enter “root” into the username field, no password. After a few attempts, it should just let them log straight in.
Fortunately, though, there is a way for you to fix the problem yourself until you get an update from Apple. As detailed on The Register, simply set a root password. In a console, simply enter the line…
sudo passwd -u root
Then, set a password when prompted. This changes the root password from being empty to a password of your own choosing. Thus thwarting the would-be attacker standing at your keyboard.
While this is primarily being raised as a local user issue, there is the potential for remote root access, too. If you’re running something like a VNC or similar server, somebody could connect as a regular user and then upgrade their access to the root account, gaining control over the whole system.
Apple has also released a guide on enabling the root user of your Mac and changing the root password.
[via The Register]