Rotten Apple

How not to make a secure OS

Update: Apple has released an update that fixes this bug. If you’re using OS X High Sierra you should update. If you’re not, keep reading because setting your root password is a good thing to do anyway.

What happened

Apple has a major security bug in the latest version of macOS that allows anybody to get full admin (root) access without a password. As a result, people are a little peeved about it.

What to do about it

You can fix this even if you’re not using the latest version by setting your root password. First, open a Terminal window and enter this command:


sudo passwd -u root

This will ask you for your password, and then ask you to enter and confirm your new root password. Note: You don’t see what you’re typing or any asterisks when you enter passwords in the Terminal. Just relax and make sure you enter the password correctly:


Password:
Changing password for root.
New password:
Retype new password:

Finally, make sure to use a password that isn’t the same as your user account’s password, and that’s either stored securely (I like LastPass) or is easy to remember but hard to guess.

If you aren’t an admin user you’ll see an error message like this:


USERNAME is not in the sudoers file. This incident will be reported.

Don’t freak out because the “reporting” is just making a note in a local file. (Or is it…) You won’t be able to fix this, but somebody who uses your computer must have an admin account, so ask them and they’ll be able to fix it. Or you can use the instructions on Apple’s site.
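
To check the root account's state before and after the steps above, this script classifies the output of `dscl . -read /Users/root AuthenticationAuthority Password`. It is an added example, not part of the original post: the function names and sample outputs are constructed, and it assumes that a root account with no usable password shows no AuthenticationAuthority attribute and `Password: *`.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: on macOS, a root account with no usable password has no
# AuthenticationAuthority attribute and a Password attribute of "*";
# once a password is set, AuthenticationAuthority carries a ShadowHash entry.

# Constructed sample outputs, not captured from a real machine.
SAMPLE_DISABLED='No such key: AuthenticationAuthority
Password: *'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
Password: ********'
SAMPLE_LOCKED='AuthenticationAuthority: ;DisabledUser;;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
Password: ********'

# classify_root_record TEXT
# Prints "disabled", "enabled" or "unknown" for the given dscl output.
# "enabled" means a password hash is stored for root; it says nothing
# about what that password is.
classify_root_record() {
    record=$1
    if printf '%s\n' "$record" | grep -q 'DisabledUser'; then
        # Account explicitly locked, even though a hash exists.
        echo "disabled"
    elif printf '%s\n' "$record" | grep -q 'ShadowHash'; then
        echo "enabled"
    elif printf '%s\n' "$record" | grep -q '^No such key: AuthenticationAuthority' &&
         printf '%s\n' "$record" | grep -q '^Password: \*$'; then
        echo "disabled"
    else
        # Unexpected output (permissions, different OS version): do not guess.
        echo "unknown"
    fi
}

# check_root_account
# Queries the local directory when dscl is available (macOS only).
check_root_account() {
    if ! command -v dscl >/dev/null 2>&1; then
        echo "unknown"
        return 0
    fi
    classify_root_record "$(dscl . -read /Users/root AuthenticationAuthority Password 2>&1)"
}

echo "root account: $(check_root_account)"
```

On a Mac, `enabled` is the expected result after setting the root password as described above; it only shows that a password hash is stored, not what the password is.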

I expect Apple should have a fix for this soon, because it’s really bad.
