This issue came up while I was occupied elsewhere, so I’ve included some links explaining the problem. However, the crucial thing is that Apple has published (with commendable speed) a fix for the issue with High Sierra 10.13.1 (apparently earlier builds aren’t impacted).
Sophos: Apple closes that big root hole – “Install this update as soon as possible”
Apple’s announcement
Apple’s update: Security Update 2017-001
Sophos on the problem: Apple Macs have gaping root hole – here’s a superquick way to check and fix it
The Register: As Apple fixes macOS root password hole, here’s what went wrong – “While you patch your Mac, take a look at what upset the Apple cart this week”
The Register (earlier): Pro tip: You can log into macOS High Sierra as root with no password – Apple, this is Windows 95 bad – but there is a workaround to kill the bug
David Harley