When it comes to cybersecurity, we’ve seen our fair share of device flaws. Sometimes, hackers leverage these vulnerabilities to execute complicated attacks that compromise your data. And sometimes, there are flaws that hardly require cybercriminals to lift a finger. Just yesterday, a massive flaw emerged that embodies the latter. This vulnerability is found in High Sierra Macs, and allows anyone to log into a device just by typing “root” in the user name field.
How it works
Anyone can access this flaw by first going to “System Preferences” on the home page of a Mac computer and then entering one of the panels that has a lock in the lower left-hand corner. This is usually where you would go to enter in your name and password, which is required when installing an application or changing settings. From there, simply type “root” as a username, leave the password field blank, click “unlock” twice, and you’ll immediately gain full access to the device.
This essentially means that anyone that gets their hands on your computer could gain the deepest level of access to your device, otherwise known as “root” privileges. They could add administrators, change critical settings, even lock out the current owner. What’s more – this flaw could allow malware to install itself deep within your computer, especially since no password is required for access.
Fortunately, Apple has stated that a fix is on the way and workaround is available in the interim. They explained, “in the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
How to stay protected
So, the next question is – what can you do to ensure your Mac stays secure? Start by following these tips:
- Do not leave your Mac unattended until this is resolved. With this vulnerability, the main way someone can access your files is by first and foremost accessing your physical device. So be sure to never leave your computer unattended, or hand it over to someone you don’t know that well.
- Update regularly. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. And even though a fix for this particular flaw has not been issued yet, it’s certainly on the way.
- Install comprehensive security. After you’ve updated your devices with the latest software, be sure to install comprehensive security. A solution like McAfee LiveSafe can ensure your devices are protected from cybercriminals wishing to leverage this vulnerability in order to steal your personal data.
And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.