URGENT: High Sierra - Change 'root' Password

[quote=362048:@Tim Jones]
I still don’t like any OS X / Mac OS newer than 10.4.11, but my Mac Pro 1,1 is on its last legs.[/quote]
Tiger is so last decade :stuck_out_tongue:

Do you know if taking screenshots does this as well?

I’ve tried just touching a file from the terminal (which of course is using the BSD system) and they are delayed in showing up) but Screenshots? I used LR as an example, but any time I create a new file on disk, it takes forever for the finder to realize it is there.

Anyway - secure your root logins folks. My mac was completely open. :frowning:

Next time do it t’other way around. Take one of your other machines and update that, leave your work machine alone. You can always use Remote Debugging.

I have left my work machine on 10.11.6, after the issues with Sierra, I never updated to that, hoping that HS would be better. HS still has some issues on my secondary machine.

What if you close the folder and open it back ?

to refresh a finder window, I also often change the display from list to icons and back.

Wow … I login as Guest User, go to System Preferences, User & Groups, unlock and then enter “root” as username, click into the password field and click on the button. On the first attempt it won’t let me login but on the second attempt (I clicked again into the empty password field), then me (aka the “Guest User”) is logged in as root.

Now I create a new Administrator account. As Guest User.

Great Job, Apple!

P.S.: this was not possible on macOS Sierra

-> One way to change the root password is to open the terminal and type “passwd root” or “sudo passwd root” if you are not already logged in as Administrator.

The fix has been posted by Apple.
Tested here and it seems to prevent the bug.
Under 24 hours is a pretty fast response time but it’s still disturbing that something this big could get through.

(I just feel bad for the guy that found it and didn’t collect the security report bounty from Apple)

The coder that messed that is lucky Steve Jobs isn’t still alive :wink:

The Apple doughnut is full of people who would like to be Steve. I suspect somebody has to take a fall when a password-less root account unlocks any Mac.

BTW - you don’t have to walk through the Directory Access stuff. Just open a Terminal and assign root a password:

sudo passwd root

That will enable the account and set the password in one shot.

https://support.apple.com/en-us/HT208315

Turns out the password was set to whatever you typed in. Just happened the entering blank was what most used to test it.

Yeah, but the real Steve would have had them and their family “disappear” :wink:

AppStore New update available:
“Install this update as soon as possible”.

Never seen that one before…:wink:

My Air is used for testing so I have the latest beta installed. Which is 10.3.2 beta 5 as of yesterday. Is the security update part of this?

no there is a special separate security update.

There is no “Directory Utility” at Apple security releases - Apple Support

I changed the root password as instructed at Fix macOS High Sierra Root Bug by Setting Up Root Password

@Jean-Yves Pochez : strange, why don’t I see this security update?

Because it is for 10.13.1 and you are on 10.13.2 beta?