High Sierra Bug Provides Full Root Access

It turns out that there’s a bug in macOS 10.13 High Sierra that lets anyone gain admin access by entering root, without a password, when unlocking System Preference panes, authenticating certain actions, or even logging into the Mac. The solution is simple, but since the vulnerability is very real, and can be exploited both locally and remotely, you’ll want to protect yourself by setting a root password.


Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.

TidBITS: Apple News for the Rest of Us