Who still thinks Apple products can’t get hacked? You may have heard about this common misconception and Apple is happy to let you believe it. For example, Apple advertises their new macOS High Sierra as having “an advanced architecture that brings a new level of security” yet a significant security issue has just been brought to Apple’s attention. With the macOS High Sierra operating system, anyone with physical access to your computer (and sometimes even with remote access) can enable the “Root User” (Apple’s equivalent to a “System Administrator”) without a password. Any confidential information can easily be compromised and other data could also be at risk, as the Root User will have permission to reset or change passwords, read and write files, delete or add users, and even access other accounts on the system. This is a very serious security risk and you need to act now to protect your organization.
Apple recently released a security update to fix this major glitch so all macOS High Sierra users should immediately update their computers. The security patch can be found at: https://support.apple.com/en-us/HT208315.
If you are unable to update your devices immediately, you should still take certain steps to protect yourself until the security patch can be applied. Specifically, you should set a root password NOW to prevent an unauthorized user from accessing your computer with the highest level of privileges. To set a Root User password, follow the instructions released by Apple at: https://support.apple.com/en-us/HT204012. It is also important to note that only disabling the root account will not fix the problem because the root account can still be re-enabled if you haven’t yet applied the security patch. Additionally, don’t leave your Mac computer unattended until this issue has been addressed.
Don’t fall victim to this major security flaw. Update your impacted devices with the security patch as soon as possible and take the necessary precautions until the patch can be applied!
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.