How to fix the vulnerability
STEP 1 – Log in as the ‘root’ user
- Click the Apple icon in the top left-hand corner, then select ‘Log Out [user name]’
- Now you will see the login screen (see pic) – Click on ‘Other User’
- Where it says ‘User’, key in ‘root’, then press return a few times
- It should now wrongly allow you access to the Mac (if this doesn’t work, you may be on an older version of the operating system)
STEP 2 – Editing ‘root’ user
- Once you have logged in, go to: Apple menu > System Preferences > Users & Groups
- You will see your user profile as ‘System Administrator’.
- Click on this profile, then click ‘Password’
STEP 3 – Change ‘root’ password
- In the dialogue box, leave ‘Old Password’ blank, then enter a new strong password in ‘New Password’ and verify it.
- Now click ‘Change Password’.
- Log out of the ‘root’ user and then try to log back in with the password left blank. The system should NOT allow you in.
- Now try your newly created password and log in.
Note: Make sure you record this password somewhere secure.
Why is this security flaw so BAD?
When you are logged in with the ‘root’ account, you are able to reset any user’s account on the computer and then log in as their profile – giving full access to all of their files, personal data, browser history and potentially any of their saved passwords for websites etc.