Who still thinks Apple products can’t get hacked? You may have heard about this common misconception and Apple is happy to let you believe it. For example, Apple advertises their new macOS High Sierra as having “an advanced architecture that brings a new level of security” yet a significant security issue has just been brought to Apple’s attention. With the macOS High Sierra operating system, anyone with physical access to your computer (and sometimes even with remote access) can enable the “Root User” (Apple’s equivalent to a “System Administrator”) without a password.  Any confidential information can easily be compromised and other data could also be at risk, as the Root User will have permission to reset or change passwords, read and write files, delete or add users, and even access other accounts on the system. This is a very serious security risk and you need to act now to protect your organization.

Apple recently released a security update to fix this major glitch so all macOS High Sierra users should immediately update their computers. The security patch can be found at: https://support.apple.com/en-us/HT208315.

If you are unable to update your devices immediately, you should still take certain steps to protect yourself until the security patch can be applied. Specifically, you should set a root password NOW to prevent an unauthorized user from accessing your computer with the highest level of privileges. To set a Root User password, follow the instructions released by Apple at: https://support.apple.com/en-us/HT204012. It is also important to note that only disabling the root account will not fix the problem because the root account can still be re-enabled if you haven’t yet applied the security patch.  Additionally, don’t leave your Mac computer unattended until this issue has been addressed.

Don’t fall victim to this major security flaw. Update your impacted devices with the security patch as soon as possible and take the necessary precautions until the patch can be applied!

Related articles

Need-to-Know Privilege Explained

Need-to-Know Privilege Explained

In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.

read more

Pin It on Pinterest

Share This