I can confirm the new root security flaw would affect the Apple’s MacBook Pro 2016 model because I’m using one at the moment. I can also confirm this same flaw would also work on my older MacBook Pro (Mid 2010 model). Basically, as of how other people have mentioned, this flaw would work regardlessly the MacBook laptop model you’re using as long you had upgraded your MacBook machine to Mac OS High Sierra. As of now, the flaw is also affecting the latest version of Mac SO High Sierra (10.13.1). How would the flaw work? Read on…
I assume this flaw would work still even you have turned on FileVault. Basically, as long your Mac allow anybody to enter the username as root at the login screen or any login prompt (except in terminal), he/she could just hit enter once or twice without using any password and the root login would be successful. If you’re new to Mac and Linux, let’s just say that root is the super account that can do just about anything on Mac and Linux machines. Root can change all users’ passwords. In fact, root can even erase the entire machine’s storage and destroy the whole operating system with just one command which is [rm -rf /].
I tested the flaw out as how I’d seen on YouTube, and it worked marvelously. Basically, I was already logged into the machine, and so I went to System Preferences > Users & Groups > clicked the lock icon at the bottom left > entered root at the username prompt > hit “enter key” twice and became root right after. From here I could change any user’s password or delete any user and group. In fact, any login prompt would allow me to become root and execute the available super account’s features.
To fix this problem, as seen on YouTube, I opened up the terminal > typed in the command [sudo su] > entered root password (hit enter key without password won’t work in terminal) > typed in command [passwd] > entered same root password or new one (doesn’t matter as long you type in a password you could remember) > exit the terminal entirely by typed [exit] couple times in the terminal > shutdown the terminal by quitting the terminal from the dock. After this, I tried the root flaw and it wouldn’t work on the graphical user interface such as in the System Preferences. Thus, I think the fix is real.
Here is one secret I would let you guys in. Actually, this flaw isn’t a flaw. Apple has always been easy in regarding in allowing people to physically reset a user password. In fact, you can also reset a root password of your Mac for as long as Mac has been in the existence, because in the video right after the break I’d talked about how to reset an administrator password in Mac OS X Lion without remembering the root password or using a recovery disk. By the way, Mac OS X Lion is way back then. I think Mac OS X Lion was released in 2011.
Since 2011-2012, I haven’t tested the trick I talked about in the video, and so I’m very rusty now. I’m not even sure the same trick would work exactly the same way as how I had walked you through in the video for newer machines and newer Mac OS iterations. Regardless, I think even now there should be some similar tricks for you to reset an administrator/root password on any Mac OS as long you got a physical access to the machine. Maybe FileVault would be able to stop and block the trick I’d shown you in the video from working successfully, but I’m not sure if this is even the case since I haven’t tested this very trick out when I got FileVault running. So, I think the best security is still all about keeping your machine in a locked cage when you’re not around it. Keeping a physical machine away from unwanted intruders/hackers would be the best way to stop easy hacks. Regardless, sometimes remote hacks could also be as easy as the root flaw I’d mentioned in this post.