If you’re an avid Mac user, you’ll want to pay attention to this latest security flaw. Let’s get to the root of the problem. In a recent update to macOS High Sierra, it was discovered that anyone could obtain root access to a Mac running the OS without needing a password.
An unauthorized user would need physical access to the laptop or desktop to do this, but nevertheless it is a serious enough issue that an organization’s IT and security teams should remediate immediately. To pinpoint the number of Macs impacted, organizations should conduct a thorough vulnerability scan of every environment where Mac hosts could exist. With all Mac hosts accounted for, teams can more quickly deploy the recently issued macOS update to remediate.
How was this flaw identified?
Developer Lemi Orhan Ergin discovered the flaw while testing and logging into his Mac. If an unauthorized user got to Lemi’s machine, here is how he or she could gain access:
- Type in “root” in the username field of a login window.
- Leave the password field blank and move the cursor over it; press enter several times and the machine will grant access.
Surprisingly easy, right?
Similar problems in the past
High Sierra has had its share of problems over the past several months. As Hacker News detailed in October, the OS exposed passwords of encrypted Apple File System (APFS) volumes in plain text. Apple quickly issued an update to resolve the problem.
macOS flaws are not a regular occurrence, but they happen often enough that it is in everyone’s interest to adopt a proactive mindset. If a flaw has been reported but no update has been issued, look to your security risk management partners like SAINT for step-by-step workarounds to reduce the risk and obtain a near-term resolution. But always keep your eye out for newly issued updates. The macOS update for this latest flaw has been available for just over a week. If you haven’t already installed it, do so today. And to avoid any potential unauthorized access after the fact, create a new password for the root account.
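To turn the two remediation steps above (account for every Mac host, then get the update onto the ones that need it) into something a team can run against an inventory, here is an added example. It is not code from the original post or from SAINT, and it rests on assumptions the post does not state: only High Sierra (10.13.x) is affected, 10.13.2 and later already carry the fix, and 10.13.0/10.13.1 report the same version number with or without Apple's supplemental security update (assumed here to be Security Update 2017-001), so those hosts are flagged for a manual check of that update rather than trusted on version alone. The hostnames in the sample inventory are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post or from SAINT.
# Triage a Mac inventory by macOS version so the hosts that may still be
# open to the passwordless root login stand out for follow-up.
#
# Assumptions (not stated in the post):
#   - only High Sierra (10.13.x) is affected;
#   - 10.13.2 and later already carry the fix;
#   - 10.13.0 and 10.13.1 look the same with or without the supplemental
#     security update, so they get "check-security-update", not "patched".

# classify_version VERSION
# Prints one of: not-affected | check-security-update | patched | unknown
classify_version() {
  ver=$1
  # Split "major.minor[.patch]" on dots into the positional parameters.
  oldifs=$IFS
  IFS=.
  set -- $ver
  IFS=$oldifs
  major=$1
  minor=$2
  patch=${3:-0}
  # Every component must be a non-empty run of digits; a malformed
  # inventory row must never be silently treated as safe.
  for n in "$major" "$minor" "$patch"; do
    case $n in
      ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
  done
  if [ "$major" -lt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -lt 13 ]; }; then
    echo not-affected
  elif [ "$major" -eq 10 ] && [ "$minor" -eq 13 ] && [ "$patch" -lt 2 ]; then
    echo check-security-update
  else
    echo patched
  fi
}

# triage_inventory
# Reads "hostname version" rows from stdin, prints "hostname version status".
triage_inventory() {
  while read -r host ver; do
    [ -n "$host" ] || continue
    printf '%-14s %-8s %s\n' "$host" "$ver" "$(classify_version "$ver")"
  done
}

# Constructed sample inventory (placeholder hostnames, not real hosts).
triage_inventory <<'EOF'
mac-design-01 10.13.1
mac-design-02 10.13.2
mac-sales-07  10.12.6
mac-lab-03    10.13
mac-lab-04    n/a
EOF

# When run on a Mac, also classify the machine the script is running on.
if command -v sw_vers >/dev/null 2>&1; then
  local_ver=$(sw_vers -productVersion)
  printf '%-14s %-8s %s\n' "$(hostname)" "$local_ver" "$(classify_version "$local_ver")"
fi
```

Feed it the hostname/version pairs your scanner or MDM exports; every row marked check-security-update needs the supplemental update confirmed by hand, and every row marked unknown is an inventory gap to close rather than a host to ignore. The post's final step, setting a fresh root password, is done per host (for example with `sudo passwd root`) once the update is in place.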