Security Flaw Found on Macs

Mac Updated Required to Keep It Secure

A rather large security issue has been uncovered in the latest macOS (Mac’s operating system), otherwise known as High Sierra, which allows somebody to gain unrestricted access to your Mac. It’s a quick and easy to perform workaround that doesn’t require a great deal of time in front of the machine, so somebody could very easily access your files if your computer was left unattended and unpatched. To keep your machine safe and secure, we recommend reading ahead.

The security flaw and how it affects you

Your Mac is pre-programmed with an account known as the 'root user', which is a 'superuser'; this means that the account has more read and write privileges than your average user, including the ability to view and edit files that are critical to the proper functioning of your computer. The root user can also view and modify files belonging to other users on the Mac. Because of these two functions, it’s often used by administrators to rectify issues with the machine.

This security breach involves the ability for a stranger to be able to gain access to your Mac’s root user account. It was uncovered on Tuesday 28th November, when a Turkish developer named Lemi Orhan Ergin tweeted Apple, stating:

Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?  Lemi Orhan Ergin (@lemiorhan)

Just as this developer has pointed out, you can access the root user account simply by inputting the word ‘root’ into the username field, and hitting the login button two or three times; you don’t require a password. Once inside this superuser account, you – or somebody unauthorised – could potentially break your machine by making changes to system-critical files, or access sensitive photos and documents belonging to other Mac accounts stored on the computer.

The issue affects macOS 10.13.1, which is the latest up-to-date operating system for the Apple Mac computer. If you regularly use your Mac and keep it up to date, then it’s likely that you’re using this operating system, as your computer should routinely install the latest updates from the internet. This makes you potentially affected by the security hole.

How to protect yourself

On Wednesday 29th November, Apple released their official patch to fix the problem, through a security update that can be accessed through the App Store 'Updates' section. Installing this security patch will help to protect you, though it’s recommended to also change your root user password to something memorable, both to ensure your security and enable your access, should you need it in future.

Changing your password

To change your root user account password, simply follow the steps below. Once done, nobody will be able to access the root user account without a password:

  1. In ‘Finder’, navigate to ‘Go’ and then select the ‘Go to Folder’ option;
  2. Input the following string into the blank field:
  3. /System/Library/CoreServices/Applications/
  4. From the list of applications presented, select and launch the 'Directory Utility' application;
  5. Click on the padlock at the bottom left corner of the screen and enter your username and password into the fields presented to you. Click on 'Modify Configuration' once you've input your credentials;
  6. Click on 'Edit' and then select the option to 'Change Root Password', then enter a secure but memorable password into the pop-up;
  7. When you're returned to the Directory Utility', click back on the padlock to re-lock the application and stop any more changes from being applied, then quit out of the application.

Some final advice

Unfortunately, the speed with which Apple has put out its security fix has not come without consequences. Some users have found that file sharing has been affected and no longer works, though there is a fix available.

The above steps can be quite complicated, and we don’t want to further confuse things by outlining the process by which file sharing is remedied in this same article. However, Wise Guys are happy to walk you through any of the steps needed to make sure your Mac is kept secure.

Give us a call on 0808 123 2820 if you need any help securing your machine and we can talk you through the necessary steps to get it back to working order.

Latest Articles

General January 09, 2017

The Microsoft Scam

The Microsoft Scam. Find out what it is and how to protect yourself.