Mac High Sierra Serious Security Flaw

(Andy Baker) #1

I’m sure you may have heard of this by now, but if you have Macs running High Sierra in your environments, please read.
Anyone can sign into a mac running MacOS High Sierra with the username “root” and no password if they click login a few times. I confirmed it on a friend’s mac a few minutes ago.
Official Apple statement as of now is to create a user with the username “root” and a secure password.
I’m sure it will be patched very soon but we have a few clients with macs and they may have some questions of they hear the news in the morning.

First post about the issues on Twitter by a developer:

Best article I found on it here:

Also, a lot of people saying it can’t be exploited remotely but more tweets showing video of that not being true:

(Will Polley) #2

2017-002 was also released.

This will auto install if you don’t do it yourself.

(Andy Baker) #3

Yes sir. That is correct. Thanks Will!

(Jeremy Nelson) #4

Apple released an emergency update for this yesterday. You just want to make sure that it gets installed ASAP, and you should be good to go.

(Andy Baker) #5

Yes, sir thanks Jeremy!