On Tuesday 28 November, security researchers published a bug in the new High Sierra Mac operating system which could potentially allow malware, or someone with physical access to a Mac, to gain ‘root’ user access.
The user account named ‘root’ is a superuser with read and write privileges to almost every area of the operating system, able to make changes to operating system files required by your Mac.
Apple has released a security update to address this vulnerability. However, it is still a good idea to set a password on the ‘root’ account as well. Once a password is set on this account, malware and malicious attackers will no longer be able to access the ‘root’ account.
To apply the most recent security patches, go to the App Store > Updates.
Should you wish to set a password on the ‘root’ account of your own Mac, you can follow the steps below:
Log in as the root user:
- Go to the Mac login screen. If you are already logged in, go to Apple Menu > Lock Screen.
- At the login window, if you see a series of user icons, click the “Other” icon.
- You should see username and password fields. Log in with the username ‘root’ (without quotes) and leave the password field blank.
Change the ‘root’ account password:
- Choose Apple menu (Apple icon) > “System Preferences”, then click “Users & Groups” (or “Accounts”).
- If the padlock icon appears locked, click on it and then enter an administrator username and password (‘root’ and blank should work if you have not set a ‘root’ account password yet).
- Click “System Administrator” at the top of the user list on the left, then click “Change Password”.
- Leave the “Old password” blank and enter a new secure password in the “New password” and “Verify” fields, and click “Change Password”.
- Go to the Apple Menu > Log Out.
(The above procedure will work for computers joined to a network as well.)
If your company is interested in improving its information security position, please contact the Conosco Security Division today.