You don’t even have to be a hacker to take advantage of Apple’s MacOS High Sierra security flaw that allows anybody root access without using a password. You just need to be able to type a simple four-letter word.
Apple has always been well known for providing customers and users with the kind of security that you just don’t get with most Windows-based machines. This is why it comes as such a shock that on Tuesday Lemi Ergin – a developer based in Turkey – discovered that simply typing “root” as the username, leaving the password field empty and clicking “Login” a few times will give just about anybody root access.
This is bad. Obviously. But for a company like Apple, this is glaringly and embarrassingly bad. Most Windows-based machines at least make it a little bit of a challenge for hackers to access and exploit an operating system’s security vulnerabilities. This security flaw in High Sierra means that I could walk my 3-year-old through this process somewhere between snacks and nap time.
Root access will give a user full and absolute administrative control over a machine – from changing passwords to locking out other users, and of course accessing all of your documents, files and – this is scary – any passwords stored in your iCloud keychain. Masses of sensitive data are exposed in broad daylight here, and the security flaw is leaving Mac users extremely vulnerable to very real threats such as theft of data, finances and even identity.
There are some reports that root access can be gained from the initial lock screen in cases where multiple users are registered on a machine. However, the most common way to exploit this flaw is to gain root access through System Preferences.
Protecting Your Mac from the MacOS High Sierra Security Flaw
What can you do to prevent others from exploiting High Sierra’s latest security flaw? Thankfully, there are a handful of simple actions that Mac users can take.
Firstly, don’t leave your Mac or MacBook unattended. This should be a no-brainer anyway, but it definitely bears repeating here. If left unattended, anybody could wander over while your back is turned and gain access to your machine. They could then set their own root password, after which they’ll be able to return to your Mac at any time to access it again and again.
You can also get the drop on this by setting your own root password. Once root has a password of your choosing, the empty-password login described above no longer works, so anybody who attempts to access your machine this way will be stopped.
Apple have been made aware of this latest MacOS High Sierra security flaw, and have responded quickly – as well they should, given that their very reputation as hugely active players in the highest forms of user security is at stake here. This is what they’ve said:
We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.
If you’ve already upgraded to High Sierra, then make sure that you follow the steps above, and keep updating as and when new MacOS releases for High Sierra come out. If you haven’t upgraded yet, then don’t do so until Apple has confirmed that the issue is resolved and has released a patch or update to address it.
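One way to check the state that the advice above depends on, as an added example (not code from Apple or from this article): the script reads the root account record with dscl and reports whether root is enabled. The record format it expects is an assumption, and the two sample records are constructed rather than captured from a real Mac.

```shell
#!/bin/sh
# Added example: report whether the macOS root account is enabled.
# Assumption: a disabled root record shows "Password: *" and has no
# AuthenticationAuthority attribute; an enabled one has the attribute.

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='Password: *
No such key: AuthenticationAuthority'
SAMPLE_ENABLED='Password: ********
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# Read dscl output on stdin; print disabled, enabled or unknown.
classify_root_record() {
    record=$(cat)
    pw=$(printf '%s\n' "$record" | sed -n 's/^Password:[[:space:]]*//p' | head -n 1)
    if printf '%s\n' "$record" | grep -q '^AuthenticationAuthority:'; then
        echo enabled
    elif [ "$pw" = '*' ]; then
        echo disabled
    elif [ -n "$pw" ]; then
        echo enabled
    else
        echo unknown
    fi
}

# Query the local directory on the Mac and explain the result.
audit_root() {
    command -v dscl >/dev/null 2>&1 || { echo "dscl not found; run this on the Mac" >&2; return 2; }
    state=$(dscl . -read /Users/root Password AuthenticationAuthority 2>&1 | classify_root_record)
    case "$state" in
        enabled)  echo "root is enabled: if you did not set its password, change it now" ;;
        disabled) echo "root is disabled: on unpatched High Sierra, set a root password" ;;
        *)        echo "could not determine root state"; return 1 ;;
    esac
}

# Run the audit only when asked, e.g.  sh check_root.sh --audit
# (check_root.sh is a hypothetical file name for this script)
if [ "${1:-}" = "--audit" ]; then audit_root; fi
```

An "enabled" result on a Mac where you never set a root password is the case described earlier, where someone else may have set one; follow the "Change the root password" section of Apple's instructions.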