Over the last day, a major security flaw in new Mac OS High Sierra has been pointed out which may lead to your files being compromised.
The newly-updated OS, which has only come into effect over the last month or two, has a bug that means if your 'screen sharing' (VNC) is turned on (which enables remote connections between two computers) it means that anyone can access your data remotely using the simple username 'root' and no password.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
However, while Apple has confirmed that it's working on a fix, users have come up with a temporary solution that should keep your computer and files secure.
See below for the fix:
PSA: if you're on macOS High Sierra, there's a huge security issue. To fix: open a terminal window (Applications|Utilities|Terminal) and type 'sudo passwd root'. Enter your password, and then a new password twice. Add that new password to @1Password in case you need it later.
— Dave Wood 🇨🇦 (@DaveWoodX) November 28, 2017
