Don't leave your mac unattended! It has zero security now.

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
Topic Author
in_reality
Posts: 4529
Joined: Fri Jul 12, 2013 6:13 am

Don't leave your mac unattended! It has zero security now.

Post by in_reality »

Macs (anything running the lastest version - High Sierra) have a security flaw that lets anyone log in as an administrator with no password unless you set a password for root.

https://techcrunch.com/2017/11/28/aston ... a-machine/
Last edited by in_reality on Wed Nov 29, 2017 7:50 am, edited 1 time in total.
More Please
Posts: 182
Joined: Mon Jan 31, 2011 9:13 am

Re: Don't leave your mac unattended! It has zero security now.

Post by More Please »

WOW, that is scary! My computer crashed when I was installing the Latest update. After reading that article I’m slightly relieved that it is out of commission for the few days it is at the authorized Apple dealer for repair. I hope Apple isn’t losing it’s edge.

Thanks for the alert.
User avatar
jhfenton
Posts: 4754
Joined: Sat Feb 07, 2015 10:17 am
Location: Ohio

Re: Don't leave your mac unattended! It has zero security now.

Post by jhfenton »

It's a bad bug, but just set a password for root and you can leave your mac unattended.
AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch »

As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
User avatar
jhfenton
Posts: 4754
Joined: Sat Feb 07, 2015 10:17 am
Location: Ohio

Re: Don't leave your mac unattended! It has zero security now.

Post by jhfenton »

AntsOnTheMarch wrote: Wed Nov 29, 2017 7:12 am As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
I'm running High Sierra on both of our family Macs.

And you're right about school network administrators. :shock: Hopefully a lot of them are still on Sierra.
AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch »

jhfenton wrote: Wed Nov 29, 2017 7:35 am
AntsOnTheMarch wrote: Wed Nov 29, 2017 7:12 am As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
I'm running High Sierra on both of our family Macs.

And you're right about school network administrators. :shock: Hopefully a lot of them are still on Sierra.
I would think Apple will release a patch pronto but it still has to go through testing. In the meantime...
beardsworth
Posts: 2135
Joined: Fri Jun 15, 2007 4:02 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by beardsworth »

For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?

Thanks.
User avatar
Pajamas
Posts: 6015
Joined: Sun Jun 03, 2012 6:32 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by Pajamas »

beardsworth wrote: Wed Nov 29, 2017 9:03 am For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?

Thanks.
Straight from Apple:

https://support.apple.com/en-us/HT204012
User avatar
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: Don't leave your mac unattended! It has zero security now.

Post by quantAndHold »

This is an egregious bug, but I f you leave any computer unattended, it’s game over. Not just Macs with this bug. Someone who knows what they’re doing can compromise any computer without much trouble if they have physical access.

I had a friend who was taking a computer security class of some sort, who took over the instructor’s laptop during a break by plugging a tiny thing into a USB port as he walked by. It was all in fun, but the instructor of a computer security class had to get help to figure out whe he had lost control of his laptop.
User avatar
AAA
Posts: 1876
Joined: Sat Jan 12, 2008 7:56 am

Re: Don't leave your mac unattended! It has zero security now.

Post by AAA »

I just upgraded to Mac OS Sierra, not High Sierra. I think in general it's best to wait a while and not be a guinea pig for new releases.

I wish computer companies would stop this frenetic releasing of new software as they just introduce new vulnerabilities to be exploited.
blueman457
Posts: 472
Joined: Sun Jul 26, 2015 12:19 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by blueman457 »

Patch issued.

https://support.apple.com/en-us/HT208315

It seems like the patch worked (at least on my macbook)
User avatar
triceratop
Posts: 5838
Joined: Tue Aug 04, 2015 8:20 pm
Location: la la land

Re: Don't leave your mac unattended! It has zero security now.

Post by triceratop »

quantAndHold wrote: Wed Nov 29, 2017 9:15 am This is an egregious bug, but I f you leave any computer unattended, it’s game over. Not just Macs with this bug. Someone who knows what they’re doing can compromise any computer without much trouble if they have physical access.

I had a friend who was taking a computer security class of some sort, who took over the instructor’s laptop during a break by plugging a tiny thing into a USB port as he walked by. It was all in fun, but the instructor of a computer security class had to get help to figure out whe he had lost control of his laptop.
Bingo. It doesn't even require sophistication. "chroot" is a wonderful thing, in particular because of this! It has allowed me to save so many OSes which would otherwise have required a full wipe.
"To play the stock market is to play musical chairs under the chord progression of a bid-ask spread."
DiggleRex
Posts: 248
Joined: Fri Sep 29, 2017 7:17 am

Re: Don't leave your mac unattended! It has zero security now.

Post by DiggleRex »

Looks like there's an update in the App Store now. Downloading now. Did not require reboot.

https://support.apple.com/en-us/HT208315
AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch »

beardsworth wrote: Wed Nov 29, 2017 9:03 am For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?

Thanks.
Patch has been issued and first part of question has been answered. As to whether steps have to be undone after patch, my understanding is that there is nothing particularly wrong with having root user set up/enabled but most users don’t need it and since it’s a powerful feature which can cause problems if used improperly, it’s usually not encouraged for the average user.
LuigiLikesPizza
Posts: 512
Joined: Tue Jan 05, 2016 6:54 am

Re: Don't leave your mac unattended! It has zero security now.

Post by LuigiLikesPizza »

Somehow on my Mac, I picked up a bug called Chumsearch. I have never been able to remove it. None of the instructions found online have worked. Several Apple techs have been unable to completely remove it. It has really degraded the performance of the Mac. They win. I capitulate. Picking up a Chromebook.
marc515
Posts: 168
Joined: Sun Jan 27, 2008 8:12 am

Re: Don't leave your mac unattended! It has zero security now.

Post by marc515 »

Security Update was just released
m
travellight
Posts: 2892
Joined: Tue Aug 12, 2008 5:52 pm
Location: San Diego

Re: Don't leave your mac unattended! It has zero security now.

Post by travellight »

does this update automatically or does one have to do something to get the patch?
364
AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by AntsOnTheMarch »

travellight wrote: Wed Nov 29, 2017 6:09 pm does this update automatically or does one have to do something to get the patch?
MacLife (@MacLife)
11/29/17, 12:40 PM
“This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”
User avatar
tetractys
Posts: 6194
Joined: Sat Mar 17, 2007 3:30 pm
Location: Along the Salish Sea

Re: Don't leave your mac unattended! It has zero security now.

Post by tetractys »

That was a simple fix.
LuigiLikesPizza wrote: Wed Nov 29, 2017 3:39 pmI capitulate. Picking up a Chromebook.
Good luck with that. -- Tet
knick17
Posts: 81
Joined: Sun Jul 02, 2017 9:39 am

Re: Don't leave your mac unattended! It has zero security now.

Post by knick17 »

in_reality wrote: Wed Nov 29, 2017 5:43 am Macs (anything running the lastest version - High Sierra) have a security flaw that lets anyone log in as an administrator with no password unless you set a password for root.

https://techcrunch.com/2017/11/28/aston ... a-machine/
You didn't know that? y would u leave ur mac unattended anyways!
User avatar
CULater
Posts: 2832
Joined: Sun Nov 13, 2016 9:59 am
Location: Hic sunt dracones

Re: Don't leave your mac unattended! It has zero security now.

Post by CULater »

Just got a security update for my High Sierra that came with instructions to install it immediately. I suppose this was the fix.
On the internet, nobody knows you're a dog.
User avatar
CyberBob
Posts: 3387
Joined: Tue Feb 20, 2007 1:53 pm

Re: Don't leave your mac unattended! It has zero security now.

Post by CyberBob »

CULater wrote: Wed Nov 29, 2017 10:31 pm Just got a security update for my High Sierra that came with instructions to install it immediately. I suppose this was the fix.
Yep, it's fixed: https://support.apple.com/en-us/HT208315
Post Reply