How to Fix Critical High Sierra Security Vulnerability

Blog How to Fix Critical High Sierra Security Vulnerability

How to Fix Critical High Sierra Security Vulnerability in macOS with Root Password

An official fix is now available via Apple directly as of today, Nov 29 less than 24 hours after the vulnerability was discovered. You can also fix this via the steps below.

After a security flaw was detected by a software developer who publicly announced the error Tuesday, Apple has now responded with a security update available through the mac App store (blue icon) in less than 24 hours. If you do not see the expected update for your Mac, install any updates listed and then return back to the Updates tab to see. You can also search for the app to update - in this case, that would be High Sierra. Here’s Apple’s guidelines.

This security update is important to install because a vulnerability in the ‘root’ user account can give a hacker access to other areas of your computer, including your private files, as Apple explains.

Users with macOS Sierra 10.12.6 were not affected by this security vulnerability. The new update fixes a logic error that existed in the validation of credentials. This error has now been addressed with improved credential validation.

There are two steps you can take to close this security hole on your own. They include limiting guest access and changing the root password.

Limiting Guest Access

Launch System Preferences.
Select Users and Groups.
Select Guest User.
Uncheck the box that says ‘Allow guests to log into this computer.’

To access this page, you may have to first click on the lock on the lower left and authenticate your account before you can make any changes in this area.

Changing the Root Password

Launch System Preferences.
Select Users and Groups.
Select Log in Options.
Select Join next to Network Account Server.
In the next box, select Open Directory Utility.
Click on the lock on the lower left and enter your password to make changes.
Click on the menu bar (top toolbar) of the Directory Utility and select Change Root Password.
Create a strong password different from your current admin login.

Grove Technologies℠

ABOUT Grove Technologies℠

We are a team of Apple Certified experts that all have backgrounds in either online digital marketing and media, education or managing non profits. We know how to keep your systems safe, online and secure.

Grove℠ is the place where your Apple technology thrives. Check out our managed services. Our App Store solution will keep your computers updated with our tested Apple and Third Party updates. Do not wonder if your up to date or protected.

Know you are.

TWEETS

Learn how the Tax Season Scams work so that you can better protect yourself. Then call Grove Technologies to see how we can put in a plan in place to help your business avoid being a victim. pic.twitter.com/23XPIE9gs7
— Grove Technologies (@thegrovetech) April 8, 2019

RECENT POSTS

MAC SUPPORT DC, MD & VA

By Appointment Only
1030 15th St NW Suite 1050w,
Washington, DC 20005

1-888-253-9103 Send us an Email Book An Appointment See Our Certifications Leave us a review