If you’re a regular here on Digital Security World, then you already know how much we stress the need for strong password protection. Even if this is your first time here, you probably know something about password security and its importance. That being said, what could possibly be worse for account security than having a weak password? How about having no password at all. Incredibly, this was the state of all Mac devices running the macOS High Sierra 10.13.1 software last week. This coming from one of the most prominent tech companies in the world, a company which prides itself on the security of its devices.
The following devices are compatible with MacOS High Sierra software:
- iMac Pro
- Mac Pro
- MacBook Pro
- MacBook Air
- Mac Mini
- MacBook Retina
The High Sierra Vulnerability
First reported by developer Lemi Orhan Ergin, the vulnerability in the 10.13.1 version of High Sierra gives anyone access to the above devices without having to know the login information. Simply typing the word “root” into the username field while leaving the password field blank will award full access to the computer. Even worse, accessing the device in this way will grant the user administrator status. This is relevant because a user with administrator status can easily access any file or location on the computer, including areas that a standard user would not have access to. For example, if you happen to have your iPhone synced to your Mac or iCloud, an intruder could spy on your text messages.
While it’s easy to see the massive security risk associated with this particular vulnerability, Apple was able to put out a quick patch to address the issue (MacOS 10.13.2 High Sierra). Unfortunately, some users have noted an issue with updating from the base version of High Sierra (MacOS 10.13) to the latest update. So if you happened to skip the MacOS 10.13.1 update, just make sure you reapply the latest version and restart your computer afterward. This will fix the root vulnerability.
Were any of your devices affected by the root vulnerability? Have a question regarding High Sierra? If so, leave a comment below.