macOS High Sierra security vulnerability discovered, here’s how to set root password for fix

A newly discovered macOS High Sierra flaw is potentially leaving your personal data at risk. Developer Lemi Orhan Ergin publicly contacted Apple Support to ask about the vulnerability he discovered. In the vulnerability he found, someone with physical access to a macOS machine can access and change personal files on the system without needing any admin credentials.

Users who haven’t disabled guest user account access or changed their root passwords (likely most) are currently open to this vulnerability. We’ve included instructions on how to protect yourself in the meantime until an official fix from Apple is released.

Disabling guest user on macOS High Sierra

Step 1 | Launch System Preferences

Step 2 | Select Users & Groups

Step 3 | Select Guest User

Step 4 | Uncheck Allow guests to log in to this computer

Changing root password on macOS High Sierra

Step 1 | Launch System Preferences

Step 2 | Select Users & Groups

Step 3 | Select Login Options

Step 4 | Select Join next to Network Account Server

Step 5 | Select Open Directory Utility

Step 6 | In the menu bar of Directory Utility, select Change Root Password

Step 7 | Create a strong, unique password

We’ve reached out to Apple about the vulnerability and will update if we hear back on when an official solution should be expected. For now the vulnerability is present on both the shipping version of macOS High Sierra as well as the developer and public beta version.

Subscribe to 9to5Mac on YouTube for more Apple news:


You can follow iPhoneFirmware.com on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Apple and the Web.