Massive Security Flaw for High Sierra Macs Emerges

When it comes to cybersecurity, we’ve seen our fair share of device flaws. Sometimes, hackers leverage these vulnerabilities to execute complicated attacks that compromise your data. And sometimes, there are flaws that hardly require cybercriminals to lift a finger. Just yesterday, a massive flaw emerged that embodies the latter. This vulnerability is found in High Sierra Macs, and allows anyone to log into a device just by typing “root” in the user name field.

How it works

Anyone can access this flaw by first going to “System Preferences” on the home page of a Mac computer and then entering one of the panels that has a lock in the lower left-hand corner. This is usually where you would go to enter in your name and password, which is required when installing an application or changing settings. From there, simply type “root” as a username, leave the password field blank, click “unlock” twice, and you’ll immediately gain full access to the device.

This essentially means that anyone that gets their hands on your computer could gain the deepest level of access to your device, otherwise known as “root” privileges. They could add administrators, change critical settings, even lock out the current owner. What’s more – this flaw could allow malware to install itself deep within your computer, especially since no password is required for access.

Fortunately, Apple has stated that a fix is on the way and workaround is available in the interim. They explained, “in the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

How to stay protected

So, the next question is – what can you do to ensure your Mac stays secure? Start by following these tips:

  • Do not leave your Mac unattended until this is resolved. With this vulnerability, the main way someone can access your files is by first and foremost accessing your physical device. So be sure to never leave your computer unattended, or hand it over to someone you don’t know that well.
  • Update regularly. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. And even though a fix for this particular flaw has not been issued yet, it’s certainly on the way.
  • Install comprehensive security. After you’ve updated your devices with the latest software, be sure to install comprehensive security. A solution like McAfee LiveSafe can ensure your devices are protected from cybercriminals wishing to leverage this vulnerability in order to steal your personal data.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Internet Security

Back to top