A major security flaw in macOS High Sierra allows anyone sitting at a Mac to log in as the superuser by typing the user name “root”, leaving the password blank, and hitting the Enter key (or the unlock button) a few times. The first attempt fails, but a subsequent one succeeds and, in doing so, enables the normally disabled root account with an empty password. This simple action gives complete superuser access to the system and exposes all user data.
Moreover, the Apple root bug can be used to log in through the login screen or the screen saver lock screen of Active Directory (AD) joined Macs. This is much more significant than the originally reported issue, which required a user who was already logged in to elevate privileges by unlocking System Preferences. In addition, if a Mac user has Screen Sharing enabled, perhaps left over from a previous IT support issue, the root login can be used to remotely view the user's screen without their knowledge, or to log in remotely.
While there is a simple workaround (enable the built-in root account and set a unique and complex password on it, for example through Directory Utility or with sudo passwd root, so the blank-password path no longer works) and Apple is sure to address this gaping hole quickly, it highlights a fundamental but ignored gap in enterprise security.
For many companies, reusing the same local admin password on every endpoint, and rarely, if ever, changing it, continues to be common practice. If that password is exposed through phishing or credential theft, the attacker has unfettered access to every endpoint in the organization. All local admin accounts (including the root account on Macs) should have unique passwords that are randomly generated and regularly rotated, so that a stolen password unlocks one machine rather than the whole fleet. An easy way to accomplish this is through a local admin password management (LAPM) solution. With a LAPM, authorized users can check out the local admin password for remote management or to temporarily grant admin rights to the device's primary user, and the password is rotated again once the check-out window ends.
Looking for a local admin password management solution? Learn more here.