Is the tide turning for Mac security?
For the longest time, the generally accepted knowledge was that Apple’s Mac computers didn’t get malware or viruses. Apple even went so far as to mock its PC opposition in the famous “Mac vs PC” ads for the issues they had around security and malware, to a fairly solid effect. While Apple’s Macs do still trail Windows machines by a significant percentage, Apple’s overall desktop and laptop market share has grown in recent years, and with it, Apple’s profits.
Back then, if you dug a little deeper, it became apparent that one reason that Apple machines didn’t tend to get targeted by malware writers wasn’t entirely to do with robust security infrastructure, but more to do with that smaller market share. There simply were fewer Macs to target, so malware writers, who these days target ways to get money far more than mere mischief, were less inclined to do so.
In recent times, however, we’ve seen a larger number of malware attacks on the macOS platform, as well as a few security blunders from Apple itself. Just recently it emerged that Apple had left a gaping chasm of a security hole in the latest updated version of its macOS software, High Sierra.
Specifically, if you wanted to sign into any given High Sierra machine, all you had to do was enter your username as “root” and tap the enter key a couple of times. Hey presto, instant access to anything on that Mac, even if you were using more advanced features such as Apple’s encrypted Filevault software.
It’s not exactly clear how or why Apple left this rather large back door open, but if you’re curious as to why that username would even exist on your Mac, it’s because macOS itself is built on a UNIX base. UNIX uses what’s called a “superuser” account for dedicated administrative tasks, but it’s not recommended for everyday use.
That “root” account is the superuser account on macOS systems, and for most users, you’d never know it was there or indeed need to have use of it, because it’s able to do literally anything to the files on your system, including (potentially) leaving the whole system wide open for abuse or unable to be recovered.
If you are running macOS High Sierra, there’s a couple of solutions to hand. Apple rushed out a patch for High Sierra about 18 hours after the bug information went public, and most macOS users should find that this auto-applies to their systems.
However some users have reported that if they’re not running the very latest update to High Sierra itself, version 10.13.1, and they only apply the patch that then updating can re-open the hole, unless you reboot your Mac afterwards.
You should update as soon as feasible, because now that this bug is widely known, it’ll be exploited. Right now, it mostly relies on someone having physical access to your Mac, but it won’t be long before malware writers are figuring out ways to invoke it remotely.
Update to the latest version of High Sierra, and you should be prompted for the patch. Reboot after it’s deployed, and check if the root exploit is still present by trying to log in as the root user with no password.
If it’s still present, or for some other reason you’re not able to apply the patch, then what you should do is change the root password yourself. Apple outlines the process in this document under “change the root password”, which is as follows:
- Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
- Click lock icon, then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click lock icon in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility, choose Edit > Change Root Password…
- Enter a root password when prompted.
Simply changing the root password to anything else, but preferably a strong password combination, will remove the problem of this particular flaw. It’s also a timely reminder that no matter what your computer platform is, it’s wise to keep abreast of the latest security issues and updates.