
Security Flaw in MacOS High Sierra Allows Unauthorized Admin Access

A major security flaw has been revealed in Apple’s latest MacOS release, High Sierra, allowing unauthorized individuals to gain full administrative rights to the computer without a password. The defect is easy to exploit, leaving many computers running the OS at risk of compromise. Drake ITS has taken steps to protect University-owned and managed computers, and recommends that everyone using High Sierra on a personal computer take immediate action as well.

To resolve the issue, you need to reset the root account password. Here are the steps:

1. Click on the Apple icon at the far left of the menu bar.
2. Click on System Preferences.
3. Click on Users and Groups.
4. Click on the Lock icon.
5. Enter your Password.
6. Click on Login Options.
7. Click on Join or Edit.
8. Click on Open Directory Utility.
9. Click on the Lock icon.
10. Enter your Password.
11. Click on Edit in the menu bar.
12. Click on Enable Root User.
13. Enter and confirm your Root User Password. (Make it a strong, unique one!)

Do not disable the root account. That just blanks the password and allows the exploit to work again.
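For administrators who need the same fix on many machines, the following is an added example (not Drake ITS code) that scripts steps 12 and 13 and then verifies that the root record now carries a password hash, which also catches the blanked-password state the note above warns about. It assumes macOS's `dsenableroot` and `dscl` commands; the check for `ShadowHash` in the root record's `AuthenticationAuthority` attribute is an assumption about the shape of `dscl` output.

```shell
#!/bin/sh
# Added example, not Drake ITS code: scripted equivalent of the GUI steps above.
# Assumes macOS's dsenableroot and dscl. The "ShadowHash" test on the root
# record's AuthenticationAuthority attribute is an assumption about dscl output.

# Decide from captured dscl output whether root carries a real password hash.
# Argument: the output text. Returns 0 when a hash is present, 1 otherwise.
root_hash_present() {
  case "$1" in
    *AuthenticationAuthority:*ShadowHash*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read the attribute from the local directory node. dscl's error text (or no
# output at all) contains no ShadowHash, so either way it reads as "not set".
read_root_auth_authority() {
  dscl . -read /Users/root AuthenticationAuthority 2>/dev/null || true
}

# Steps 12 and 13 in scripted form. With -p and -r omitted, dsenableroot
# prompts for the admin and root passwords, keeping them out of the process list.
enable_root_with_password() {
  dsenableroot -u "$1"
}

main() {
  if root_hash_present "$(read_root_auth_authority)"; then
    echo "root already has a password hash; nothing to do"
    return 0
  fi
  echo "root has no password hash; enabling root with a strong password"
  enable_root_with_password "$(id -un)" || return 1
  if root_hash_present "$(read_root_auth_authority)"; then
    echo "verified: root password is now set"
  else
    echo "verification failed: re-check Directory Utility" >&2
    return 1
  fi
}

# Run only when explicitly asked, so the functions can be sourced and tested:
#   RUN_ROOT_FIX=1 sh fix_root.sh
if [ "${RUN_ROOT_FIX:-0}" = 1 ]; then
  main "$@"
fi
```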

—Peter Lundstedt, Director, Information Security & Compliance, ITS