“Root”- the hack word to MacOS High Sierra
Apple Inc, is a multinational company with an annual income in the billions. They work hard to ensure they offer end of the line products and services that appeal to customers to increase their customer pool and revenue. Their laptop design and software is popular amongst many people who deem it to be less prone to viruses and equipped with a high security system. It is believed that any attacks or unauthorized access to the system will be difficult to carry out due to Apple’s system security. However, the latest news on Apple’s High Sierra software operating system proves otherwise.
Apple is facing a security flaw with its MacOS High Sierra that was disclosed by security researchers. This bug allows anyone with little to no hacking experience to easily access the operating system’s security protection. How is this done? Security breaches in MacOS High Sierra are made possible by just typing the word “root”. When a user is faced by a feature in the software system asking for a username and password. Whether it be to log in to the device, changing the settings or installing applications, they can just type the word “root” in username, click unlock twice and they are granted full access. Now that security breaches in MacOS High Sierra are made possible and are easily executed, any individual with unauthorized access to a personal computer can access it and obtain hidden personal information from the computer known as “root” privileges. Not only does this bug allow unauthorized individuals to access information but also opens a door for malware to be planted deep into the computer.
This software bug was first revealed by Lemi Orhan Ergin, a Turkish software developer, who stated that his team stumbled upon this issue while trying to help a user regain access to their account. The team showed Ergin the issue by testing it on his computer and to his shock, the outcome was just as they described.
This bug is not the first issue associated with High Sierra. On the day it was launched, security researcher, Patrick Wardle, found that the contents of the software’s keychain could be stolen without a password by a code running on the operating system. Another alarming issue is one that involved the user’s password being displayed as the hint when they try to unlock an encrypted section on their device. According to Wardle, these bugs could have been fixed early on if Apple provided a bug bounty for desktop information security liabilities like most of the other companies do. A bug bounty is a program that rewards individuals for reporting software bug issues. Apple currently has this program but only for iOS, not MacOS.
After this information on the software bug was released on the net, it found its way through twitter and other social media platforms where individuals began to test out the claims. It created a wave of concern from many Mac owners and Apple customers who began looking for an immediate solution to protect their privacy. Although, a few security researchers were unable to replicate such findings, others posted up step-by-step videos of them logging in with “root”. Security researcher Amit Serper and WIRED were amongst those who tested out the bug and confirmed the software’s vulnerability.
An apple-focused security researcher, Thomas Reed, stated that someone with physical access to a computer is just as dangerous as malware. They can access a logged-out device and input their own root password giving them access to it whenever they want. This should raise concern to any Mac owner with High Sierra software operating system. Precautions need to be taken to protect your information from invaders and avoid possible security breaches.
Apple confirmed the information to be true and is currently working to resolve this issue in due time. They however, offered a short-term solution meanwhile working on a long-term fix for the software. The solution to this bug could be easily done by setting a password for the root user. Here is how it is done. You need to access your Mac with an administrator account, enable the root user and then log back in as a root user to complete the process.
Below is a step-by-step guide to enabling/disabling the account, logging in as the root user, and changing the root password.
Enable/Disable Root Account
• Go to System Preferences > Users & Groups (or accounts) > Click on lock icon > enter username and password > Login options > Join (or edit)> Open Directory Utility > Click on lock icon and enter username and password > From menu bar: select edit > Enable root user or disable root user
How to Log in as a Root User
Apple menu> log out of your current user account > log back in with the username “root” and password you created for the account
(if there are multiple user account, select Other and log in)
How to Change the Password for Root Account
• Go to System Preferences > Users & Groups (or accounts) > Click on lock icon > enter username and password > Login options > Join (or edit)> Open Directory Utility > Enter username and password > From menu bar: select edit > Change Root Password
**The root account is not created for regular use, its use is only meant to allow changes to files that are required by your Mac. Just a tip to keep in mind, for the changes to be reversed, your software needs to be reinstalled and don’t forget to disable the root user after you are done.
Yoga Bear Computer repair has been offering Apple Computer Repair in Sacramento since 2011. We take incredibly good care of our customers and because of it we are rated #1 on both Yelp and Google. Please let us know how we may serve you.
Michael Grippi, Owner of Yoga Bear Computer Repair
Yoga Bear Computer Repair is the #1 ranked onsite and mobile computer repair company in Sacramento, CA. Serving all of Sacramento County along with surrounding areas, we offer same day computer fixes for both hardware and software issues. We service both Apple Macbook laptops and desktops, as well as all Windows PC computers. Founded in 2011 and rated #1 on Yelp and Google, our computer technicians work hard to make your computer repair experience as pleasant as possible. Please visit our web site at http://www.yogabearpc.com or call us today at 916-800-3035 to set up a same day appointment.