William H. Magill wrote: > As I understood the description of the patch/update — the Root Account is > only de-activated if it has no password. > Making it just like all previous releases of OSX.
It wasn't an issue of having an _active_ root account The root account wasn't active; but you could still use it in System Preferences > Users & Groups ; and because it wasn't active, it had no password - leading to the security blunder and a local exploit > > If you have activated the Root Account and supplied a password, then nothing > happens. Nope - 16 character long non-obvious strong password still de-activated :-( I only installed 10.13 when 10.13.2 was released and my root accounts 'survived' that update from 10.12 without any problems at all But the 10.13.2 supplementary update de-activates the root account And that update should only have something to do with Spectre and Safari/WebKit > > Read Mac Rumors description: > https://www.macrumors.com/2017/11/29/apple-fixes-root-password-bug-security-update/ > > The original bug description: > https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/ > -- Bjarne D Mathiesen Korsør ; Danmark ; Europa ---------------------------------------------------------------------- denne besked er skrevet i et totalt M$-frit miljø macOS 10.13.2 High Sierra (17C205) 2 x 3,46 GHz 6-Core Intel Xeon ; 48 GB 1333 MHz DDR3 ECC ATI Radeon HD 5770 1024 MB
