URGENT: High Sierra - Change 'root' Password

  1. 2 weeks ago

    Phillip Z

    Nov 28 Pre-Release Testers, Xojo Pro Florence, SC

    https://twitter.com/lemiorhan/status/935578694541770752

  2. Phillip Z

    Nov 28 Pre-Release Testers, Xojo Pro Florence, SC

    I have personally verified this affects 10.13

  3. Phillip Z

    Nov 28 Pre-Release Testers, Xojo Pro Florence, SC
    Edited 2 weeks ago

    Best way to fix:

    Open 'Directory Utility' from Spotlight. Then click 'Edit' in Menu and click 'Change Root Password'. (Enable root user first if you did not try the vulnerability).

    Disabling the 'root' user is NOT enough.

    DO NOT disable 'root' user after changing password or you will be vulnerable again.

  4. Jean-Yves P

    Nov 28 Pre-Release Testers, Xojo Pro Europe (France, Besancon)

    wasn't it corrected in 10.13.1 ?

  5. Phillip Z

    Nov 28 Pre-Release Testers, Xojo Pro Florence, SC

    No I have verified on 10.13.1

  6. Paul L

    Nov 28 Xojo Inc http://developer.xojo.com

    More info: https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/

  7. José M

    Nov 28 Pre-Release Testers, Xojo Pro Spain

    Wooow, tested. The worse is that in login, select "Other user", enter root, click on password, enter and you're in! (10.13.1)

  8. Phillip Z

    Nov 28 Pre-Release Testers, Xojo Pro Florence, SC

    To me this has to be a 9.5 out of 10. Just fundamental UNIX and frankly OS stuff here. Windows 95 let me login as Administrator with no password...

  9. Phillip Z

    Nov 28 Pre-Release Testers, Xojo Pro Florence, SC

    Works remotely with Remote Desktop as well. Attackers can then activate SSH and totally commandeer the machine.

  10. Tim P

    Nov 28 Pre-Release Testers, Xojo Pro

    Tested Secure on 10.11

  11. Kem T

    Nov 28 Pre-Release Testers, Xojo Pro New York

    Wow, they are getting really lazy with their back doors. :)

  12. Jean-Yves P

    Nov 28 Pre-Release Testers, Xojo Pro Europe (France, Besancon)

    never install an apple os before 10.XX.3, generally around feb/mars...

  13. Jean-Yves P

    Nov 28 Pre-Release Testers, Xojo Pro Europe (France, Besancon)

    @Tim P Tested Secure on 10.11

    I'm also confident it's secure under 10.6.8 !

  14. Kem T

    Nov 28 Pre-Release Testers, Xojo Pro New York

    @Jean-YvesPochez never install an apple os before 10.XX.3, generally around feb/mars...

    This is exactly what I used to tell my clients. Most even listened.

  15. Phillip Z

    Nov 28 Pre-Release Testers, Xojo Pro Florence, SC

    My OCD gets pissed off with the App Store badge and constant reminders “do you want to update tonight?” No

    “Do you want to update tonight?” No

    “Do you want to update tonight?” No

    Microsoft learned. They don’t even ask anymore.

  16. Norman P

    Nov 28 Xojo Inc

    macOS users have long been "update first ask questions later"
    In part at least because Apple's updates worked reliably
    They still do that for things like iOS where within a short time most users are on the new OS
    However Apple has messed a few up and now people do say "oh dont do that" :)
    For "consumers" like my mom I do tell them to just turn the autoupdates on and leave them on
    Saves me headaches

    MS updates were fraught with peril and unreliable as all get out for a long time (anyone ever get blue screened updates ? such fun)
    They're getting better but still not to the point I'd say turn it on and forget it

  17. Markus W

    Nov 28 Pre-Release Testers, Xojo Pro #JeSuisHuman Europe (Germany)...

    @Norman P macOS users have long been "update first ask questions later"
    In part at least because Apple's updates worked reliably

    But that was before they moved from a 18-24 month release cycle to a 12 month release cycle …

  18. Kimball L

    Nov 28 Pre-Release Testers, Xojo Pro Meridian, ID, USA

    I've had all kinds of problems with 10.13 High Sierra. My favorite (most anger-inducing?) issue is when I take a screenshot with Command-Shift-4 it takes between 20-30 seconds for the screenshot file to appear on my desktop. In fact, any time I need to write a file to the filesystem, it takes a long time for the finder to realize it is there. I exported a bunch of photos from LightRoom yesterday, and went to the export location in the finder only to find it was empty.... went back to LR to export again, and LR asked if I wanted to replace the files... Huh? They're not there... back to the finder, still can't find them. Scratch head for a bit, then suddenly - boom - the exported images appear in the finder window.

    I'm apparently not alone with this issue - there are lots of discussion on apple's forums about it, but none of the proposed "solutions" have had any effect for me.

    I regret upgrading to HS when I did - but I had to in order to ensure compatibility with the software I make a living selling.

    My non-production machines (at home, kids computers, non-critical stuff in the office etc) are all 10.12 or older, and will stay that way for the time being.

  19. Tim J

    Nov 28 Pre-Release Testers, Xojo Pro Back in Phoenix, AZ USA (desic...

    @Kimball L went back to LR to export again, and LR asked if I wanted to replace the files... Huh? They're not there... back to the finder, still can't find them. Scratch head for a bit, then suddenly - boom - the exported images appear in the finder window.

    I can answer that one - Adobe products use BSD backend calls to create, read, and write files. This means that Finder doesn't know about a new file until the next update loop for the cache. Even fsevents sometimes doesn't see the changes until after the event.

    I still don't like any OS X / Mac OS newer than 10.4.11, but my Mac Pro 1,1 is on its last legs.

  20. Norman P

    Nov 28 Xojo Inc

    Hence why I love the rMBP I have
    I can boot anything from 10.9 to 10.13 (including an APFS and non-APFS set up)

  21. Newer ›

or Sign Up to reply!