The Root Password Hack Explained

Many Mac news sites and blogs are reporting about a way that someone can gain access to your Mac without your password. However, the danger is usually overstated as someone needs physical access to your Mac to use the exploit. In this video I'll show you the problem and also a simple way to prevent it. However, Apple will probably have a fix for this in the next few days or even hours.



Update: Apple security update 2017-001 fixes this. Released today. Go to the App Store, Updates to get the patch. https://support.apple.com/en-us/HT201222

Comments: 6 Responses to “The Root Password Hack Explained”

    Jimmy
    2 years ago

    Amazing

    Robert Douglass
    2 years ago

    Gary,
    Thanks for the clarity of explanation!
    You’re so good at explaining this stuff, you should do it of a living. :)

    RSD

    Robert Douglass
    2 years ago

    Gary,
    Sorry for the auto-correct misspell in my comment above…
    I meant to say:
    You’re so good at this stuff, you should do it for a living. :)

    Richard Fuhr
    2 years ago

    Apple did release a fix for the “root password hack” but apparently that fix caused another problem, as reported here and many other sources: https://www.engadget.com/2017/11/30/apples-high-sierra-security-patch-affected-mac-file-sharing/ . This morning I saw, on software update, that there was another patch from Apple to download and install.

    Robbie
    2 years ago

    Thanks for the explanation! Question: is it necessary to “disable root user” after we’ve followed your steps? Or does it matter? Thanks!

    2 years ago

    Robbie: None of it matters now, since Apple has patched the problem. With the patch in place, I would disable root user if you don’t need it.

Comments Closed.