Major macOS High Sierra Vulnerability Puts Data At Risk, Here’s How To Protect Yourself

A new vulnerability affecting macOS High Sierra powered devices has been discovered and made public by developer Lemi Orhan Ergin, who contacted Apple Support asking them about it. The vulnerability that is limited to High Sierra allows anyone with physical access to a Mac to access and make changes to user’s personal files without having admin privileges to the system. This includes users accessing Guest account.

If you have a Mac that has Guest account disabled and you have changed the default root passwords for your Mac, then you are safe. However if you have a guest account running and have not changed the root password of your machine, then your computer is vulnerable. A guest account is also not required for this hack to work.

Update: Apple has fixed this issue with a software update.

Apple has been made aware of this major security flaw and as usual company has promised a fix will be released very soon. Until then you can keep your data safe by disabling the guest account on your account and changing your Mac’s root password, instructions to which are available below.

  1. On your Mac launch System Preferences.
  2. Click on Users & Groups and select Guest User.
  3. Uncheck ‘Allow Guests to log in to this computer’.

After you have disabled the Guest account you should change the root password of your machine, this step is more crucial.

  1. On your Mac launch System Preferences.
  2. Click on Users & Groups and select Login options.
  3. Click on ‘Join…’ button and then click on the ‘Open Directory Utility’ button.
  4. Click on the padlock button and enter your password to start making changes.
  5. Click on the ‘Directory Editor’ button.
  6. From the list find and click on Change Root Password.

If change root password is not clickable, that means you need to set a password for your computer. Click on Enable Root Users and choose a strong password.

Disclosure: iOSHacker may receive a commission if you purchase products through our affiliate links. For more visit our privacy policy page.
Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article

Apple Posts 4 New Ads Promoting iPhone X Face ID And Animoji Features

Next Article

Apple Fixes macOS Vulnerability That Gave Unauthorized Access To User Data