MacOS High Sierra Vulnerability – It’s true!

A quick, short post to advise Mac users to change their root password as soon as possible.

The issue

A quick excerpt describing the newly discovered vulnerability (credit: KrebsOnSecurity, "MacOS High Sierra Users: Change Root Password Now"):

A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now

See it to believe it

I created this quick video to demonstrate how this messy vulnerability works –>

The Solution

Change your root password as soon as possible


MyMACOS:~ MyUser$ sudo passwd root
Changing password for root.
New password:********
Retype new password:********
MyMACOS:~ MyUser$ 

 

What to look forward to?

Keep an eye on security, and as new software becomes available, always be on the lookout for these types of issues.

About the Author:

Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, as well as financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.

You can follow Andres using Twitter, LinkedIn or Facebook
