The latest version of Apple’s popular MacOS is creating a huge ripple in the security community. The operating system seems to have been released with a major vulnerability in which anyone can login to the computer as the user “root” without a password, simply by clicking the link several times. While allowing access to any account without a password is bad, allowing access to the root user is a recipe for disaster.

Root is the “super user”

In the Linux and MacOS ecosystems, the root user is the “super user.” It’s the user account that has all the power. It can do anything on the system without being challenged. If an attacker gains access to the root account of your Mac, they can do whatever they want. With this exploit, Apple has inadvertently handed it to them on a silver platter.

Image: CNET

We’re Taking Action

If you’re a Stellar IT customer with MacOS, our Network Operations Center team has already remediated this error for you. If you are not a Stellar IT customer and would like us to remediate this error, please open a ticket. Apple is working hard on a software update to repair this bug permanently. As soon as that update is released, we will push it across our entire managed Mac fleet immediately.

Action You Can Take

The easiest way to plug this loophole is to set a strong root password. You will never need to log directly into this account, so we recommend setting a strong root password that is random.

 

Source: CNET

 

Are you and your team protected from this critical bug?

At Kirbside Consulting, our Stellar IT service includes Stellar Security. Our network of experts stay on top of these issues and remediate them immediately, ensuring your data is protected.