Don’t leave your Mac unattended. High Sierra bug lets anyone log in as root
This isn’t so much a photography-related post as a PSA for photographers, video professionals, or anybody else who uses a Mac. If you’ve updated to the latest version of High Sierra – 10.13.1 (17B48) – prepare yourself for a shock. This is a big one.
It turns out there’s a big gaping security hole that allows anybody with physical access to your computer to get root access to your entire system. And it doesn’t take any kind of “hacking” skill at all. While Apple will no doubt fix it quite quickly, there is something you can do to resolve the issue yourself in the meantime.
To gain access to your system, essentially all somebody needs to do is enter “root” into the username field, no password. After a few attempts, it should just let them log straight in.
Fortunately, though, there is a way for you to fix the problem yourself until you get an update from Apple. As detailed on The Register, the fix is to set a root password. In a console, enter the line…
sudo passwd -u root
Then, set a password when prompted. This changes the root password from being empty to a password of your own choosing, thwarting the would-be attacker standing at your keyboard.
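To see what state the root account is in before or after running that command, the script below reads the account record with dscl and never attempts a login. It is an added example, not from the original article or The Register; the function name root_state and the dscl output format shown in the comments are assumptions based on how macOS 10.13 prints these attributes.

```shell
#!/bin/sh
# Added example: classify the root account from read-only `dscl` output.
# Assumed output format (macOS 10.13), samples below are constructed:
#   root disabled:  Password: *
#                   No such key: AuthenticationAuthority
#   root enabled:   Password: ********
#                   AuthenticationAuthority: ;ShadowHash;HASHLIST:<...>

# root_state TEXT -> prints one of: disabled | enabled | unknown
root_state() {
    text=$1
    # Value of the Password attribute ("*" means no usable password record).
    pw=$(printf '%s\n' "$text" | sed -n 's/^Password:[[:space:]]*//p' | head -n 1)
    # A ShadowHash entry means a password hash is stored for the account.
    if printf '%s\n' "$text" | grep -q 'ShadowHash'; then
        has_hash=yes
    else
        has_hash=no
    fi

    if [ -z "$pw" ]; then
        echo unknown      # no Password attribute in the input at all
    elif [ "$pw" = "*" ] && [ "$has_hash" = no ]; then
        echo disabled     # nobody can log in as root
    elif [ "$pw" != "*" ] && [ "$has_hash" = yes ]; then
        echo enabled      # a hash exists; this does not show whether it is empty
    else
        echo unknown      # attributes disagree, inspect the record by hand
    fi
}

# On a Mac, query the local directory node; elsewhere this is skipped.
if command -v dscl >/dev/null 2>&1; then
    root_state "$(dscl . -read /Users/root Password AuthenticationAuthority 2>&1)"
fi
```

A result of "enabled" on a machine where you never set a root password yourself is the case to act on: set one with the command above.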
While this is primarily being raised as a local user issue, there is the potential for remote root access, too. If you’re running something like a VNC or similar server, somebody could connect as a regular user and then upgrade their access to the root account, gaining control over the whole system.
Apple has also released a guide on enabling the root user of your Mac and changing the root password.
[via The Register]
John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.