Apple macOS vulnerability leaves personal data unprotected; here’s how to protect your system

Apple has confirmed that it is working on a software update to fix the security vulnerability in the macOS system

Highlights

    • Allows hackers to access and change user files without any password
    • Leaves personal data vulnerable
    • Security hole can be plugged by setting a Root password

A new security flaw has cropped up on Apple’s macOS High Sierra and it can be quite dangerous. This vulnerability allows miscreants to directly access a macOS system and change personal files without needing any password.

The vulnerability was publicly disclosed by Turkish software developer Lemi Orhan Ergin via a tweet. It allows a user to gain access to a macOS machine and make changes on it by opening System Preferences > Users & Groups. From there, they just have to click the lock, enter the word ‘root’ in the username field, select the password field (keeping it empty) and click the ‘Unlock’ button. While this looks like an effortless way to unlock a system, it is a major security threat that puts your personal data at risk of theft.

Once access to the System Administrator account is granted, one can view the files stored in every user’s account and even edit the credentials of other users. However, if the system already has a root user enabled, hackers won’t be able to take advantage of this security hole.

Several publications have reached out to Apple and the company has confirmed that it is working on a software update to fix the issue.

“We are working on a software update to address the issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012M. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section,” Apple said in a statement.

Notably, Apple’s support page mentions that the root user is disabled by default. We had a quick chat with prominent Apple expert Preshit Deorukhkar, Editor in Chief – Beautifulpixels.com, to discuss this issue. He too concurred that the simplest fix for the vulnerability as of now would be to set a root password. This is how you can enable it in macOS:

  1. Open the Apple menu in the system
  2. Select System Preferences and then click Users & Groups
  3. Click the Lock icon and then enter an administrator name and password
  4. Click Login Options
  5. Select the Join option next to Network Account Server
  6. Click Directory Utility, which you will see at the top left corner
  7. Select the Lock icon in the Directory Utility window and type an administrator name and password
  8. In the menu bar, click the Edit option, select Enable Root User and then set a password

If you have already enabled the Root user account and want to change the password, simply open Directory Utility, and in the menu bar you will find Change Root Password. Select that and create a strong password. This should shield your system from the latest vulnerability.
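
To decide which of the two procedures above applies, you can check from Terminal whether the root account is currently enabled. The script below is an added example, not part of the original article or Apple's statement. It assumes the `dscl . -read /Users/root` record shows a lone `*` as `Password` when root is disabled and a `;ShadowHash;` entry when it is enabled; the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Sample records below are constructed.

# classify_root: read `dscl . -read /Users/root` output on stdin and print
# disabled, enabled or unknown.
classify_root() {
    record=$(cat)
    # Assumption: an enabled root account has a ";ShadowHash;" entry in its
    # AuthenticationAuthority attribute (a password hash exists, possibly
    # the hash of an empty password).
    if printf '%s\n' "$record" | grep -q ';ShadowHash;'; then
        echo enabled
    # Assumption: a disabled root account shows a lone "*" as Password.
    elif printf '%s\n' "$record" | grep -Eq '^Password:[[:space:]]*\*[[:space:]]*$'; then
        echo disabled
    else
        echo unknown
    fi
}

# next_step: map the state to the action the article and Apple describe.
next_step() {
    case "$1" in
        disabled) echo "Enable the root user and set a password" ;;
        enabled)  echo "Change the root password so it cannot be blank" ;;
        *)        echo "Inspect the root account manually" ;;
    esac
}

# Constructed sample records (trimmed to the attributes the check reads).
sample_disabled() {
    printf '%s\n' 'Password: *' 'RecordName: root' 'UniqueID: 0'
}
sample_enabled() {
    printf '%s\n' 'AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>' \
        'Password: ********' 'RecordName: root' 'UniqueID: 0'
}

# On a Mac, check the live record; elsewhere, show the samples.
if [ "$(uname -s)" = Darwin ] && command -v dscl >/dev/null 2>&1; then
    state=$(dscl . -read /Users/root 2>/dev/null | classify_root)
    echo "root account: $state -> $(next_step "$state")"
else
    for s in sample_disabled sample_enabled; do
        state=$($s | classify_root)
        echo "$s: $state -> $(next_step "$state")"
    done
fi
```

An `enabled` result does not prove the password is non-blank, which is why the script points you to Change Root Password in that case.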