While Apple products are renowned for being highly secure, they’re not completely immune to cyberattacks. Fortunately, Apple frequently releases updates to fix any issue that they’ve discovered. And if you have macOS High Sierra, you need to make sure you’re running the latest patch.
On November 28th, security researchers reported a serious bug in macOS High Sierra that allows anyone to easily take control of any Mac computer. Normally, users are asked for their username and password before logging into their Mac, installing a new application, or changing settings. However, this recent bug allows users to simply type “root” as a username, leave the password field blank, and click “unlock” to gain full access.
This means if hackers have physical access to a machine, not even passwords can stop them from getting inside. They could, for instance, log in with "root," reset the username and password, and enjoy future access to the machine at any time. They could also install spyware with ease and monitor your activity 24/7 without being detected.
The bug was so alarming that Apple released an emergency patch within a day. But even the fix had problems, and when users installed the next major macOS update, High Sierra 10.13.1, the bug reappeared.
Luckily, Apple was quickly made aware of this secondary problem and rolled out a 10.13.2 update on December 6th to completely resolve the issue.
Other threats to Apple security
This wasn’t the only problem Apple had to deal with recently. In October, Apple released an update for Key Reinstallation Attacks (KRACK) -- a type of attack that essentially breaks the encryption protocols between a router and a device, allowing hackers to read private messages and steal other sensitive data.
And last week, an iOS 11 update was rolled out to fix glaring weaknesses in Apple’s HomeKit Internet of Things framework, which enables hackers to exploit smart devices like security cameras and door locks.
How to protect yourself
The importance of checking for updates and installing them as soon as possible cannot be understated. Hackers are more active than ever and will use any means necessary to breach your network. Updating your software is the best way to reduce the number of exploitable entry points into your business.
To install updates for Apple devices, open the App Store, and click on Updates. All critical updates should be displayed on the window, but if you don’t see the one you’re looking for, use the Search field to find it.
Even though the potentially devastating High Sierra bug has been fixed, you should consider creating a genuine root user password to prevent others from gaining access to your machine just by typing in “root.”
To do this, open Directory Utility, which can be found in the Users & Groups tab in System Preferences. From there, click on Edit and select Enable root user, where you will be prompted to set a password. And last but not least, make sure you set a strong password.
Protecting your systems is a full-time job, so if you’re not experienced with computers, call us today. We’ll give you the tools and services you need to stay safe from a wide range of cyberattacks.