How to fix the root flaw in MacOS High Sierra
A turkish researcher found a flaw allowing the access to root account without password on MacOS High Sierra.
This flaw is critical because easily executable. It can be used locally or remotely if the device has an active VNC protocol (screen sharing activated). This flaw grants access to all device’s permissions. The attacker can do whatever he wants.
Attack surface
The access to the authentication panel to tape the administrator password is the only thing needed. This panel is available from any account on the device (locally or remotely via VNC protocol).
The flaw comes from the mistakenly activated root account on MacOS High Sierra. This root account is an inheritance of the UNIX system from which MacOS is developed. It is present and used in the Linux world but normally is deactivated (available but deactivated) on Mac, replaced with administrator accounts that cannot access system files.
How to protect yourself
You just need to set a password for this root account. Never loose this password.
In command lines from whatever administrator account on the device
- Open the terminal. The application is available in the folder
Applications > Utilities
. - Enter the following command line then press
Enter
:sudo passwd -u root
- A password will be asked, enter the password of your root account then press
Enter
. - Enter the same password to confirm and press
Enter
again. - Your root account is configured with a password.
With the graphic interface
- Go to the menu
> System Preferences
. - Click Users & Groups (or Accounts).
- Click the padlock, then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click the padlock in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility, choose
Edit > Change Root Password...
- Enter a root password when prompted.