Major Mac security flaw found

Reports have come out today stating that a major security bug was found in mac OS High Sierra (version 10.13).  That is the version that many of you have on your systems. It just came out in September.   These reports hit the tech press and also Bloomberg.  I am sure that more mainstream news will pick it up if they haven’t already. 

Take a deep breath, please.  I think nearly all of your or all of you can simply wait a few days until Apple puts out a fix. 

Basically this flaw allows anyone to log into your Mac (running the latest OS) with the user name “root” and no password.   It’s scary and from Apple’s perspective, its very sloppy.

However, some of my Mac clients only use their computers as terminals to surf the web and check e-mail via their browser (Safari, Chrome, Firefox).  They do not store important data on their Macs.   The majority of my Mac clients have a significant amount of personal data on their systems like documents, songs, and photos.   A third, but small, contingent uses their Macs for business purposes. 

What everyone needs to keep in mind is that a bad actor would need access to your Mac to take advantage of this security flaw.   They could do it through remote access or they could have actual physical access.   The chances of this happening to you — until Apple releases a patch — are slim.

Tips to stay safe:   Always be careful when handling attachments sent to you via e-mail.  If you are not expecting an attachment from someone — do not open it.  Be equally cautious when clicking on links in e-mail.  Those links could take you to fake or malicious websites.  Does the e-mail you received pass the smell test?   If you do arrive on a bogus site, close your browser immediately.   Log out of your Mac if you are going to be away from it for long periods of time or make sure that you are prompted to enter a password upon resuming from sleep.

In conclusion, I do not think most of you need to take immediate action on this.  A work around is available if you want to be ultra safe.

What you should do is keep checking the Mac App Store application every day for the next week.  Install all Updates presented to you.  Apple will be fixing this soon.

Advertisements