How to fix Apple’s High Sierra security flaw using Terminal
I cannot comprehend how Apple let this macOS High Security flaw through. I’ve written about it over at Computerworld and have another suggestion to help you deal with it here:
UPDATE:Apple has issued an apology and a patch to rectify this problem, more details here.
Use Terminal
Using Terminal, you can check to see if the flaw affects you, thanks to instructions provided by the Naked Security blog. The flaw uses an unprotected root user account that lets people break into your Mac just by typing root as the user ID and leaving the password blank. However, if you have created and secured a root user already, this problem shouldn’t affect you.
Here is how to use Terminal to check and address this flaw:
To check if you need a root password
- Open Terminal
- Type passwd root
- Hit Return three times.
- You are most likely to see different lines that begin with the words Old Passwordx, New Password and Retype New Password.
If you see an error message appear that reads passwd: authentication token failure, then this means you don’t have a blank root password.
If you don’t see a message then you need to create a root password to protect against the flaw.
To create a root password
- Open Terminal
- Type passwd root
- Type enter when asked for Old Password
- Then choose a good password for root, type this in the New Password section.
- You will then need to retype that new password.
And don’t leave your Mac with people you don’t trust until you’ve addressed this problem.
—> Oddly this flaw never made the keynote…
Dear reader, this is just to let you know that as an Amazon Associate I earn from qualifying purchases.
The “To check if you need a root password” section appears to be wrong, at least in my case. Following these instructions on a system I know to be affected, I would think I don’t need to change the root password, however I can still gain access to protected control panel items with root and without a password. Safer to suggest changing the password always with `sudo passwd root`.