Mike Lynn of Facebook and Rich Trouton join the pod’s very first Flashcast to talk about the #iamroot situation, a serious privilege escalation in Mac 10.13.0 – 10.13.2 beta 5 that allows password-free access to the root account. Solutions are discussed, as well as mitigation strategies for situations like this in the future.
Blocking logins to the root account on macOS High Sierra
Developer Forums Post from 13 November 2017 Describing This Behavior
Pycreateuserpkg from Greg Neagle
Apple KBase, updated 28 November 2017: How to enable the root user on your Mac or change your root password
If you’re interested in sponsoring the Mac Admins Podcast, please email email@example.com for more information.
Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!