Back
Featured image of post Howto fix the MacOS High Sierra blank root password flaw

Howto fix the MacOS High Sierra blank root password flaw

A vulnerability within MacOS High Sierra was discovered

It allows logins and/or changes to critical Settings with the Superuser (root) without a password. I’m sure that Apple is already working on a permanent fix for that, until then you should safe your Mac!

How-to fix the macOS blank root password Security issue?

  1. Open ‘Terminal’ or ‘iTerm2’
  2. Type sudo passwd root
  3. Type your (User) password
  4. Select a strong password for root (and repeat it)

Change root password on macOS

Change root password on macOS

I was told, that this critical flaw is fixed in the latest macOS High Sierra 10.13.2 Beta (17C83a), but I tested it and the issue was still present on the test system!!!

[Root Flaw][2]
Root Flaw

Someone told me, that I should disable the ‘Guest’ user. That doesn’t solve the issue, at least not on my two MacOS High Sierra systems.