The bug in macOS High Sierra (version 10.13) means it is possible to gain access to a Mac running High Sierra without a password, and most worryingly to access the machine as the Root user with full administration rights.
The bug exists in all versions of High Sierra, including Beta 5 which was released earlier this week.
In the meantime Apple has said to follow these instructions to set a root password:
“Setting a root password prevents unauthorized access to your Mac,” Apple stated.
“To enable the Root User and set a password, follow the instructions below: If a Root User is already enabled, to ensure a blank password is not set, follow the instructions from the ‘Change the root password’ section: https://support.apple.com/en-us/HT204012.”
So there you have it, set a root password and you are safe again from hackers, until Apple releases an update to macOS High Sierra 10.13.
It is annoying that this news and the subsequent promise of a fix came via Twitter, it appears that this bug had been highlighted several weeks ago in the Apple Developer forum, maybe no one was watching.
Also Apple does provide a bug bounty and I am sure this would have been a worthy candidate, however Apple also keeps its cards very close to its chest and publication of information can be slow and hard to find so maybe Twitter was the only avenue to alert the company?
We have assisted many businesses in implementing MDMs, developing custom security policies and procedures, and redesigning their networks.The list goes on and on. Contact us today and see how we can help you too.Contact Sales
We are a remote and fully distributed, Nationwide Apple focused MSP serving Washington DC, Philadelphia, New York, Chicago, San Francisco, San Diego & more.
We focus on providing top notch Mac Support for small to mid-sized businesses. Contact us, and learn how we can help your company.