28-Nov-2017 - Researchers have discovered a new security flaw in macOS High Sierra that can grant users access to the system administrator account on a target machine without entering a password.
The vulnerability was publicly disclosed on Twitter this afternoon; it’s not clear whether the problem was privately reported to Apple ahead of time, which is the encouraged practice when security vulnerabilities are uncovered.
Several sources confirm the major security issue remains present as of macOS 10.13.1, the current release of High Sierra.
When the problem is exploited, the user is authenticated into a “System Administrator” account and is given full ability to view files and reset or change passwords for pre-existing users on that machine. Also, Apple ID email addresses tied to users on the Mac can be removed and altered.
AppleInsider says the best protection against the exploit is to disable Guest access.
This can be accomplished by opening System Preferences and turning off "Allow guests to log in to this computer".
Another way to protect your Mac is to ensure you’ve set a root password.
To do that, go to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility > Edit. Enable the Root User if you haven’t already, then choose Change Root Password.
You can also disable the root user as explained on AppleInsider.com.
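To confirm from Terminal that the settings above took effect, the following added example (not from AppleInsider or Apple) reports the macOS version, whether the root account is enabled, and whether guest login is allowed. The function names and sample strings are made up for illustration, and the script assumes `dscl` answers "No such key" for `AuthenticationAuthority` when root is disabled, as standard macOS compliance checks expect.

```sh
#!/bin/sh
# Added example: audit the two settings discussed above on a Mac.
# Function names are illustrative assumptions, not part of any Apple tool.

# Classify the output of: dscl . -read /Users/root AuthenticationAuthority
# Assumption: a disabled root account has no AuthenticationAuthority attribute.
root_state() {
  case "$1" in
    *"No such key"*)            echo "disabled" ;;
    *AuthenticationAuthority:*) echo "enabled" ;;
    *)                          echo "unknown" ;;
  esac
}

# Classify the output of:
#   defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled
guest_state() {
  case "$1" in
    1) echo "enabled" ;;
    0) echo "disabled" ;;
    *) echo "unknown" ;;   # key not set or not readable
  esac
}

# Succeeds for the releases the article names as affected (10.13 and 10.13.1).
version_named_affected() {
  case "$1" in
    10.13|10.13.0|10.13.1) return 0 ;;
    *)                     return 1 ;;
  esac
}

audit() {
  ver=$(sw_vers -productVersion)
  root=$(dscl . -read /Users/root AuthenticationAuthority 2>&1)
  guest=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null)
  echo "macOS version : $ver"
  if version_named_affected "$ver"; then
    echo "  release named in the article: install Apple's security update and reboot"
  fi
  echo "root account  : $(root_state "$root")"
  echo "guest login   : $(guest_state "$guest")"
}

# Query the system only on macOS; elsewhere the functions still accept sample text.
if [ "$(uname)" = "Darwin" ]; then audit; fi
```

The script shows whether root is enabled, not whether its password is non-empty, so the password itself still has to be set through Directory Utility as described above.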
Apple should release a fix soon but please share this with any/all Mac users ASAP!
Update 2-Dec-2017: Apple has released a fix to the macOS "fix". Apparently their rushed update still had security issues so now they say ... "If you recently updated from macOS High Sierra 10.13 to 10.13.1, reboot your Mac to make sure the Security Update is applied properly." Read more on Apple.com