BtCIRT has learned from different sources that the latest version of macOS High Sierra, 10.13.1, has a major security bug that allows full admin access using the root user without a password.
While Apple might fix the issue, in the meantime BtCIRT recommends that all users and administrators take the following measures to ensure they are not victimized.
- Open Terminal and run the following command to change the password for the root user:
    $ passwd root
    Old Password: [press Enter, assuming it is blank]
    New Password: [enter a strong password]
    Retype New Password: [re-enter your new password]
- By doing the above, you have created a root user with your custom password, which prevents an attacker from creating a root user with no password.
- If you get “passwd: authentication token failure” while leaving the “Old Password” field empty, there is nothing to worry about: you already had a custom root password.
These simple steps could save you from a massive disaster.
BtCIRT once more strongly recommends that all its users and administrators check their Macs and fix the issue at the earliest.
Resources:
- https://www.csoonline.com/article/3238890/security/apples-high-sierra-allows-root-with-no-password-theres-a-workaround-to-help.html
- https://www.cyberscoop.com/macos-high-sierra-apple-root-access-bug/