Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Is the tide turning for Mac security?

Is the tide turning for Mac security?


For the longest time, the generally accepted knowledge was that Apple’s Mac computers didn’t get malware or viruses. Apple even went so far as to mock its PC opposition in the famous “Mac vs PC” ads for the issues they had around security and malware, to a fairly solid effect. While Apple’s Macs do still trail Windows machines by a significant percentage, Apple’s overall desktop and laptop market share has grown in recent years, and with it, Apple’s profits.

Back then, if you dug a little deeper, it became apparent that one reason that Apple machines didn’t tend to get targeted by malware writers wasn’t entirely to do with robust security infrastructure, but more to do with that smaller market share. There simply were fewer Macs to target, so malware writers, who these days target ways to get money far more than mere mischief, were less inclined to do so.

In recent times, however, we’ve seen a larger number of malware attacks on the macOS platform, as well as a few security blunders from Apple itself. Just recently it emerged that Apple had left a gaping chasm of a security hole in the latest updated version of its macOS software, High Sierra.

Specifically, if you wanted to sign into any given High Sierra machine, all you had to do was enter your username as “root” and tap the enter key a couple of times. Hey presto, instant access to anything on that Mac, even if you were using more advanced features such as Apple’s encrypted Filevault software.

It’s not exactly clear how or why Apple left this rather large back door open, but if you’re curious as to why that username would even exist on your Mac, it’s because macOS itself is built on a UNIX base. UNIX uses what’s called a “superuser” account for dedicated administrative tasks, but it’s not recommended for everyday use.

That “root” account is the superuser account on macOS systems, and for most users, you’d never know it was there or indeed need to have use of it, because it’s able to do literally anything to the files on your system, including (potentially) leaving the whole system wide open for abuse or unable to be recovered.

If you are running macOS High Sierra, there’s a couple of solutions to hand. Apple rushed out a patch for High Sierra about 18 hours after the bug information went public, and most macOS users should find that this auto-applies to their systems.

However some users have reported that if they’re not running the very latest update to High Sierra itself, version 10.13.1, and they only apply the patch that then updating can re-open the hole, unless you reboot your Mac afterwards.

You should update as soon as feasible, because now that this bug is widely known, it’ll be exploited. Right now, it mostly relies on someone having physical access to your Mac, but it won’t be long before malware writers are figuring out ways to invoke it remotely.

Update to the latest version of High Sierra, and you should be prompted for the patch. Reboot after it’s deployed, and check if the root exploit is still present by trying to log in as the root user with no password.

If it’s still present, or for some other reason you’re not able to apply the patch, then what you should do is change the root password yourself. Apple outlines the process in this document under “change the root password”, which is as follows:

  1. Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
  2. Click lock icon, then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click lock icon in the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility, choose Edit > Change Root Password…
  8. Enter a root password when prompted.

Simply changing the root password to anything else, but preferably a strong password combination, will remove the problem of this particular flaw. It’s also a timely reminder that no matter what your computer platform is, it’s wise to keep abreast of the latest security issues and updates.


Recent News


At the recent Mobile World Congress event in Barcelona, Samsung absolutely dominated the headlines with the launch of its Galaxy S9 and Galaxy S9+ smartphones. That’s partly due to the fact that, in the smartphone world, the majority of premium sales go either to Samsung’s Galaxy ranges or Apple’s iPhones, with everyone else a long… More 


Smart speakers are everywhere these days, whether you’ve bought into the hi-fi audio of Apple’s HomePod speakers, the general utility of Google’s Home or Google Home Mini, or the many shopping-centric variants of Amazon’s Echo family. Aside from being basic Bluetooth speakers, they’re also easy ways to audibly keep track of your day, catch up… More 


5G networks will start appearing on a widespread basis around the world in 2019, with some US based networks in fact promising rollouts by 2018, although it’s not all that clear what devices they’ll be using to support them. For the longest time, most people have assumed that the first 5G devices they’ll buy will… More 


The use of Virtual Private Network (VPN) software has erupted in recent years for a whole slew of reasons. If you’re staring at the acronym and wondering what a VPN is, it’s essentially software that encrypts your internet communications and allows that encrypted content to be sent across the internet, emerging at another destination without… More