Discussion:
What to do about Apple’s shameful Mac security flaw
Add Reply
Jim_Higgins
2017-11-29 14:26:13 UTC
Reply
Permalink
Raw Message
What to do about Apple’s shameful Mac security flaw
http://tinyurl.com/y8qyrkwl
--
The choices we make reveal the true nature of our character
Jolly Roger
2017-11-29 16:53:29 UTC
Reply
Permalink
Raw Message
Post by Jim_Higgins
What to do about Apple’s shameful Mac security flaw
Answer: Just update:

<https://support.apple.com/en-us/HT208315>
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
Your Name
2017-11-29 19:58:02 UTC
Reply
Permalink
Raw Message
What to do about Apple's shameful Mac security flaw
http://tinyurl.com/y8qyrkwl
You don't need to do any of that crap. Just install Appl'es new update:

Apple Releases macOS High Sierra Security Update
to Fix Root Password Vulnerability
------------------------------------------------
Apple today released Security Update 2017-001
<https://support.apple.com/en-us/HT208315> to fix
a serious vulnerability that enables access to the
root superuser with a blank password on any Mac
running macOS High Sierra version 10.13.1.

<https://www.macrumors.com/2017/11/29/apple-fixes-root-password-bug-security-update/>
David Empson
2017-11-29 20:13:30 UTC
Reply
Permalink
Raw Message
What to do about Apple's shameful Mac security flaw
http://tinyurl.com/y8qyrkwl
Do not follow the advice in that ComputerWorld article as it is out of
date.

Apple has already issued a security update to fix the problem. Run App
Store and install the update. It does not require a restart. (Apple says
it will be installed automatically within a day.)

After installing the security update, the bug will be fixed: future
attempts to authenticate as root with any password while the root
account is disabled will not enable the root account and set its
password to the supplied one.

The security update also disables the root account again, no matter what
password it had. If you wanted to have the root account enabled, you
will need to do that again, setting a suitably strong password. Most Mac
users should NOT do that.
--
David Empson
***@actrix.gen.nz
Loading...