But for now, if you're using macOS High Sierra, take a moment to change the root password now, please. The user who tweeted it is already facing criticism from those who believe he failed to give a "responsible disclosure", or when a security researcher agrees to give the affected company time to fix its error before posting about it publicly.
Click the lock in the corner. A recently uncovered bug appears to allow anyone to login as an administrator merely by entering the username "root" and no password. When Directory Utility opens in a new window, go to the menu bar and select Edit Enable Root User, then enter a password for the root user. Click the lock to make changes and enter the administrator name and password.
If you don't need remote access, consider disabling Screen Sharing or Remote Management in the Sharing preference pane as well. You really shouldn't leave your Mac unattended at all until Apple fixes this, and you should shut off guest access for your device. Root is a "superuser" account with read and write privileges over the entire system, including other user accounts.Читайте также: Meghan Markle Says She's Leaving Acting To Focus On Royal Duties
Let us know how it goes for you, and stay tuned for Apple's macOS update soon... However, several users on Twitter, who are running the current version of MacOS High Sierra, 10.13.1, and the MacOS 10.13.2 beta, have said they've been able to replicate it.
Ergin tweeted about the flaw on Tuesday, and as of the time of publication, all MacOS High Sierra machines are still vulnerable. An intruder can also apparently access machines remotely when Remote Manager is enabled through Apple Remote Desktop or screensharing.app, according to some accounts. If you want to protect yourself, physically keep your Mac on lockdown for now, until Apple releases a software update, which we expect will come out in the next 24-48 hours due to the severity of this bug.При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2017 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог