How to Fix Critical High Sierra Security Vulnerability in macOS with Root Password
An official fix is now available directly from Apple as of today, Nov 29, less than 24 hours after the vulnerability was disclosed. You can also close the hole yourself with the steps below.
After a software developer publicly disclosed the flaw on Tuesday, Apple responded with a security update, available through the Mac App Store (blue icon), in less than 24 hours. If you do not see the expected update for your Mac, install any updates listed and then return to the Updates tab to check again. You can also search for the app to update; in this case, that would be High Sierra. Here are Apple’s guidelines.
This security update is important to install because the vulnerability in the ‘root’ user account can give an attacker access to other areas of your computer, including your private files, as Apple explains.
Users with macOS Sierra 10.12.6 were not affected by this vulnerability. The update fixes a logic error in the validation of credentials; Apple states that it has been addressed with improved credential validation.
There are two steps you can take to close this security hole on your own: limiting guest access and changing the root password.
Limiting Guest Access
- Launch System Preferences.
- Select Users and Groups.
- Select Guest User.
- Uncheck the box that says ‘Allow guests to log into this computer.’
To access this page, you may have to first click on the lock on the lower left and authenticate your account before you can make any changes in this area.
Changing the Root Password
- Launch System Preferences.
- Select Users and Groups.
- Select Login Options.
- Select Join next to Network Account Server.
- In the next box, select Open Directory Utility.
- Click on the lock on the lower left and enter your password to make changes.
- Click on the menu bar (top toolbar) of the Directory Utility and select Change Root Password.
- Create a strong password different from your current admin login.