MacOS High Sierra ‘Root’ Security Bug
Apple has patched a critical vulnerability that potentially leaves your data at risk. The bug was discovered in macOS High Sierra and gives an attacker full access to log on as ‘root,’ without the need for a password.
Root is a ‘superuser’ account with read and write privileges over the entire system, including other user accounts. This means that anyone with physical access to your machine can install programs, add administrators, change critical settings, read and write files and system files or engage in any other activity. Malware designed to exploit this could also fully install itself deep in the computer, with no password required. It is recommended not to leave your machine unattended until this is resolved.
The good side of this issue is that it is easy to patch, as Apple has released an update solving it. However, enabling a password-based root user is also recommended. Once this is done, the root account is password protected, and the machine should again be safe and secure.
This is an example of the fact that there exist hackable security vulnerabilities in software, and then there are the types of flaws that don’t require hacking at all. Securing your network is not only based on implementing best-of-breed security products and practices, but also on training and educating security awareness among users.
Stay alert! Keep your environment safe by pushing security-awareness throughout the organization, especially to C-suite and VP-level personnel.