Don't leave your mac unattended! It has zero security now.

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
in_reality
Posts: 4529
Joined: Fri Jul 12, 2013 6:13 am

Don't leave your mac unattended! It has zero security now.

Post by in_reality » Wed Nov 29, 2017 6:43 am

Macs (anything running the lastest version - High Sierra) have a security flaw that lets anyone log in as an administrator with no password unless you set a password for root.

https://techcrunch.com/2017/11/28/aston ... a-machine/
Last edited by in_reality on Wed Nov 29, 2017 8:50 am, edited 1 time in total.

More Please
Posts: 143
Joined: Mon Jan 31, 2011 10:13 am

Re: Don't leave your mac unattended! It has zero security now.

Post by More Please » Wed Nov 29, 2017 7:01 am

WOW, that is scary! My computer crashed when I was installing the Latest update. After reading that article I’m slightly relieved that it is out of commission for the few days it is at the authorized Apple dealer for repair. I hope Apple isn’t losing it’s edge.

Thanks for the alert.

User avatar
jhfenton
Posts: 2945
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: Don't leave your mac unattended! It has zero security now.

Post by jhfenton » Wed Nov 29, 2017 8:05 am

It's a bad bug, but just set a password for root and you can leave your mac unattended.

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch » Wed Nov 29, 2017 8:12 am

As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.

User avatar
jhfenton
Posts: 2945
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: Don't leave your mac unattended! It has zero security now.

Post by jhfenton » Wed Nov 29, 2017 8:35 am

AntsOnTheMarch wrote:
Wed Nov 29, 2017 8:12 am
As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
I'm running High Sierra on both of our family Macs.

And you're right about school network administrators. :shock: Hopefully a lot of them are still on Sierra.

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch » Wed Nov 29, 2017 9:55 am

jhfenton wrote:
Wed Nov 29, 2017 8:35 am
AntsOnTheMarch wrote:
Wed Nov 29, 2017 8:12 am
As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
I'm running High Sierra on both of our family Macs.

And you're right about school network administrators. :shock: Hopefully a lot of them are still on Sierra.
I would think Apple will release a patch pronto but it still has to go through testing. In the meantime...

beardsworth
Posts: 2057
Joined: Fri Jun 15, 2007 4:02 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by beardsworth » Wed Nov 29, 2017 10:03 am

For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?

Thanks.

User avatar
Pajamas
Posts: 5373
Joined: Sun Jun 03, 2012 6:32 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by Pajamas » Wed Nov 29, 2017 10:12 am

beardsworth wrote:
Wed Nov 29, 2017 10:03 am
For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?

Thanks.
Straight from Apple:

https://support.apple.com/en-us/HT204012

quantAndHold
Posts: 1701
Joined: Thu Sep 17, 2015 10:39 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by quantAndHold » Wed Nov 29, 2017 10:15 am

This is an egregious bug, but I f you leave any computer unattended, it’s game over. Not just Macs with this bug. Someone who knows what they’re doing can compromise any computer without much trouble if they have physical access.

I had a friend who was taking a computer security class of some sort, who took over the instructor’s laptop during a break by plugging a tiny thing into a USB port as he walked by. It was all in fun, but the instructor of a computer security class had to get help to figure out whe he had lost control of his laptop.

User avatar
AAA
Posts: 952
Joined: Sat Jan 12, 2008 8:56 am

Re: Don't leave your mac unattended! It has zero security now.

Post by AAA » Wed Nov 29, 2017 11:34 am

I just upgraded to Mac OS Sierra, not High Sierra. I think in general it's best to wait a while and not be a guinea pig for new releases.

I wish computer companies would stop this frenetic releasing of new software as they just introduce new vulnerabilities to be exploited.

blueman457
Posts: 364
Joined: Sun Jul 26, 2015 12:19 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by blueman457 » Wed Nov 29, 2017 11:35 am

Patch issued.

https://support.apple.com/en-us/HT208315

It seems like the patch worked (at least on my macbook)

User avatar
triceratop
Moderator
Posts: 5089
Joined: Tue Aug 04, 2015 8:20 pm
Location: la la land

Re: Don't leave your mac unattended! It has zero security now.

Post by triceratop » Wed Nov 29, 2017 11:40 am

quantAndHold wrote:
Wed Nov 29, 2017 10:15 am
This is an egregious bug, but I f you leave any computer unattended, it’s game over. Not just Macs with this bug. Someone who knows what they’re doing can compromise any computer without much trouble if they have physical access.

I had a friend who was taking a computer security class of some sort, who took over the instructor’s laptop during a break by plugging a tiny thing into a USB port as he walked by. It was all in fun, but the instructor of a computer security class had to get help to figure out whe he had lost control of his laptop.
Bingo. It doesn't even require sophistication. "chroot" is a wonderful thing, in particular because of this! It has allowed me to save so many OSes which would otherwise have required a full wipe.
"To play the stock market is to play musical chairs under the chord progression of a bid-ask spread."

DiggleRex
Posts: 196
Joined: Fri Sep 29, 2017 7:17 am

Re: Don't leave your mac unattended! It has zero security now.

Post by DiggleRex » Wed Nov 29, 2017 11:57 am

Looks like there's an update in the App Store now. Downloading now. Did not require reboot.

https://support.apple.com/en-us/HT208315

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch » Wed Nov 29, 2017 12:09 pm

beardsworth wrote:
Wed Nov 29, 2017 10:03 am
For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?

Thanks.
Patch has been issued and first part of question has been answered. As to whether steps have to be undone after patch, my understanding is that there is nothing particularly wrong with having root user set up/enabled but most users don’t need it and since it’s a powerful feature which can cause problems if used improperly, it’s usually not encouraged for the average user.

LuigiLikesPizza
Posts: 324
Joined: Tue Jan 05, 2016 7:54 am

Re: Don't leave your mac unattended! It has zero security now.

Post by LuigiLikesPizza » Wed Nov 29, 2017 4:39 pm

Somehow on my Mac, I picked up a bug called Chumsearch. I have never been able to remove it. None of the instructions found online have worked. Several Apple techs have been unable to completely remove it. It has really degraded the performance of the Mac. They win. I capitulate. Picking up a Chromebook.

marc515
Posts: 141
Joined: Sun Jan 27, 2008 9:12 am

Re: Don't leave your mac unattended! It has zero security now.

Post by marc515 » Wed Nov 29, 2017 7:00 pm

Security Update was just released
m

travellight
Posts: 2766
Joined: Tue Aug 12, 2008 5:52 pm
Location: San Diego

Re: Don't leave your mac unattended! It has zero security now.

Post by travellight » Wed Nov 29, 2017 7:09 pm

does this update automatically or does one have to do something to get the patch?

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch » Wed Nov 29, 2017 7:14 pm

travellight wrote:
Wed Nov 29, 2017 7:09 pm
does this update automatically or does one have to do something to get the patch?
MacLife (@MacLife)
11/29/17, 12:40 PM
“This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”

User avatar
tetractys
Posts: 4596
Joined: Sat Mar 17, 2007 3:30 pm
Location: Along the Salish Sea

Re: Don't leave your mac unattended! It has zero security now.

Post by tetractys » Wed Nov 29, 2017 10:08 pm

That was a simple fix.
LuigiLikesPizza wrote:
Wed Nov 29, 2017 4:39 pm
I capitulate. Picking up a Chromebook.
Good luck with that. -- Tet

knick17
Posts: 81
Joined: Sun Jul 02, 2017 9:39 am

Re: Don't leave your mac unattended! It has zero security now.

Post by knick17 » Wed Nov 29, 2017 11:14 pm

in_reality wrote:
Wed Nov 29, 2017 6:43 am
Macs (anything running the lastest version - High Sierra) have a security flaw that lets anyone log in as an administrator with no password unless you set a password for root.

https://techcrunch.com/2017/11/28/aston ... a-machine/
You didn't know that? y would u leave ur mac unattended anyways!

CULater
Posts: 1039
Joined: Sun Nov 13, 2016 10:59 am

Re: Don't leave your mac unattended! It has zero security now.

Post by CULater » Wed Nov 29, 2017 11:31 pm

Just got a security update for my High Sierra that came with instructions to install it immediately. I suppose this was the fix.
May you have the hindsight to know where you've been, The foresight to know where you're going, And the insight to know when you've gone too far. ~ Irish Blessing

User avatar
CyberBob
Posts: 3185
Joined: Tue Feb 20, 2007 2:53 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by CyberBob » Thu Nov 30, 2017 11:16 am

CULater wrote:
Wed Nov 29, 2017 11:31 pm
Just got a security update for my High Sierra that came with instructions to install it immediately. I suppose this was the fix.
Yep, it's fixed: https://support.apple.com/en-us/HT208315

Post Reply