Apple’s macOS recently came under fire after an update revealed that it’s possible to log in as “root” – for full administrative privileges – without typing in any password for authentication.
Since it’s a Unix-based operating system, average users don’t have full administrative privileges when performing regular tasks, such as browsing or editing documents. However, a “root” user has the highest level of privilege, meaning he can fully interact with the operating system and add, remove, or edit any system files.
Root privileges are usually protected by a password – or at least should be – to prevent inadvertent tampering. Because the update appears to allow anyone to simply log in with the “root” username without a password, this is a major security vulnerability that can be heavily exploited.
Although the attacker would have to physically access your Mac, he could technically remotely connect to your device through Screen Sharing. This would automatically prompt the login window, from which he could log in with “root” and no password whatsoever. This type of vulnerability has immediate consequences: the cybercriminal can access your personal files and folders instantly, and/or covertly install spyware or other malicious software for surveillance and indefinite data harvesting.
The root of all evil is having poor passwords for your administrative accounts, or, in this case, no passwords, as it enables cybercriminals to compromise your device with little effort.
Install the Latest Updates
Apple solved the issue – in under 24 hours – by releasing an update that fixed the unauthenticated “root” vulnerabilities. However, there was a second way of addressing the issue, which involved manually setting up a password for your “root” account, which is always recommended from the get-go.
Alternatively, if waiting for the Apple fix seemed too long, users could either disable the root user or manually add a strong password for the account. Although these two options would not necessarily address the core issue, it would prevent unauthorized access to that account unless the proper password was provided.
The downside to Apple’s Security Update 2017-001 for macOS High Sierra 10.13 and macOS High Sierra 10.13.1 was that, once applied, it could trigger some issues with file shares on your Mac. Of course, that was also addressed through a simple support topic, enabling macOS users to continue using their devices without further inconveniences.
Your Mac Needs Security
Regardless of the issue with the “root” credentials – or lack thereof – your Mac is more vulnerable than you might think. Malware, ransomware, and all sorts of data-stealing Trojans have become common on Apple’s operating system.
While installing the latest security updates is always recommended, as they patch known vulnerabilities and issues, having a dedicated security solution installed is also mandatory – not just optional – as it can detect, prevent, and remove threats before they compromise your data.