SYNOPSIS:

Mike Lynn of Facebook and Rich Trouton join the pod’s very first Flashcast to talk about the #iamroot situation, a serious privilege escalation in Mac 10.13.0 – 10.13.2 beta 5 that allows password-free access to the root account. Solutions are discussed, as well as mitigation strategies for situations like this in the future.

YOUR HOSTS:

• Pepijn Bruienne, R&D Engineer at Duo Security [@bruienne], Proprietor of EnterpriseMac.Bruienne.com
• Tom Bridge, Partner at Technolutionary LLC [@tbridge]
• James Smith, IT Administrator at Culture Amp [@smithjw]

GUESTS:

• Mike Lynn, Client Platform Engineer, Facebook [@mikeymikey]
• Rich Trouton, [Der Flounder]

LISTEN!

LINKS & NOTES

The Tweet That Started It All

Blocking logins to the root account on macOS High Sierra

Developer Forums Post from 13 November 2017 Describing This Behavior

Pycreateuserpkg from Greg Neagle

Apple KBase, updated 28 November 2017: How to enable the root user on your Mac or change your root password

RATE US ON ITUNES!

Give Us Five Stars!

SPONSOR MAC ADMINS PODCAST!

If you’re interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information.

SOCIAL MEDIA

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!