Apple’s Blank Root Password – Daily Security Byte

November 29, 2017 By Corey Nachreiner

Despite what some believe, Apple devices don’t have bullet-proof security, and have been hacked in the past. That said, Apple’s team does tend to take security seriously, and makes better security decisions than some. That’s why the industry was so surprised by an unexpected local root vulnerability in the latest version of MacOS. In short, Apple’s MacOS update results in a blank “root” user password, meaning any unprivileged user with local access can gain complete control of your Mac. Watch the video for more detail, and be sure to change your root password.

<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type=”bookmark” style=”display: inline-block; width: 0px; overflow: hidden; line-height: 0;” class=”mce_SELRES_start”></span>

Episode Runtime: 3:00

Direct YouTube Link: https://www.youtube.com/watch?v=XnlQT526bCI

EPISODE REFERENCES:

Researchers find that MacOS High Sierra has a blank root password – Mac Rumors
Apple support article on changing the root password – Apple
Apple releases a security update to fix the flaw a day later – Apple
A great new post on why the blank password issue cropped up – Objective See Blog

—Corey Nachreiner, CISSP (@SecAdept)

Related

Leave a Reply Cancel reply