Don't leave your mac unattended! It has zero security now.
- in_reality
- Posts: 4529
- Joined: Fri Jul 12, 2013 6:13 am
Don't leave your mac unattended! It has zero security now.
Macs (anything running the lastest version - High Sierra) have a security flaw that lets anyone log in as an administrator with no password unless you set a password for root.
https://techcrunch.com/2017/11/28/aston ... a-machine/
https://techcrunch.com/2017/11/28/aston ... a-machine/
Last edited by in_reality on Wed Nov 29, 2017 7:50 am, edited 1 time in total.
-
- Posts: 182
- Joined: Mon Jan 31, 2011 9:13 am
Re: Don't leave your mac unattended! It has zero security now.
WOW, that is scary! My computer crashed when I was installing the Latest update. After reading that article I’m slightly relieved that it is out of commission for the few days it is at the authorized Apple dealer for repair. I hope Apple isn’t losing it’s edge.
Thanks for the alert.
Thanks for the alert.
Re: Don't leave your mac unattended! It has zero security now.
It's a bad bug, but just set a password for root and you can leave your mac unattended.
-
- Posts: 610
- Joined: Mon May 29, 2017 5:47 pm
Re: Don't leave your mac unattended! It has zero security now.
As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
Re: Don't leave your mac unattended! It has zero security now.
I'm running High Sierra on both of our family Macs.AntsOnTheMarch wrote: ↑Wed Nov 29, 2017 7:12 am As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
And you're right about school network administrators. Hopefully a lot of them are still on Sierra.
-
- Posts: 610
- Joined: Mon May 29, 2017 5:47 pm
Re: Don't leave your mac unattended! It has zero security now.
I would think Apple will release a patch pronto but it still has to go through testing. In the meantime...jhfenton wrote: ↑Wed Nov 29, 2017 7:35 amI'm running High Sierra on both of our family Macs.AntsOnTheMarch wrote: ↑Wed Nov 29, 2017 7:12 am As far as we know, only applies to High Sierra. How many people here running High Sierra? If you are, set root password until patch is issued. Problem solved. The biggest pita will likely be to school network administrators and Apple store employees because every 14 year old is going to go out and try it.
And you're right about school network administrators. Hopefully a lot of them are still on Sierra.
-
- Posts: 2135
- Joined: Fri Jun 15, 2007 4:02 pm
Re: Don't leave your mac unattended! It has zero security now.
For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?
Thanks.
Thanks.
Re: Don't leave your mac unattended! It has zero security now.
Straight from Apple:beardsworth wrote: ↑Wed Nov 29, 2017 9:03 am For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?
Thanks.
https://support.apple.com/en-us/HT204012
- quantAndHold
- Posts: 10141
- Joined: Thu Sep 17, 2015 10:39 pm
- Location: West Coast
Re: Don't leave your mac unattended! It has zero security now.
This is an egregious bug, but I f you leave any computer unattended, it’s game over. Not just Macs with this bug. Someone who knows what they’re doing can compromise any computer without much trouble if they have physical access.
I had a friend who was taking a computer security class of some sort, who took over the instructor’s laptop during a break by plugging a tiny thing into a USB port as he walked by. It was all in fun, but the instructor of a computer security class had to get help to figure out whe he had lost control of his laptop.
I had a friend who was taking a computer security class of some sort, who took over the instructor’s laptop during a break by plugging a tiny thing into a USB port as he walked by. It was all in fun, but the instructor of a computer security class had to get help to figure out whe he had lost control of his laptop.
Re: Don't leave your mac unattended! It has zero security now.
I just upgraded to Mac OS Sierra, not High Sierra. I think in general it's best to wait a while and not be a guinea pig for new releases.
I wish computer companies would stop this frenetic releasing of new software as they just introduce new vulnerabilities to be exploited.
I wish computer companies would stop this frenetic releasing of new software as they just introduce new vulnerabilities to be exploited.
-
- Posts: 472
- Joined: Sun Jul 26, 2015 12:19 pm
Re: Don't leave your mac unattended! It has zero security now.
Patch issued.
https://support.apple.com/en-us/HT208315
It seems like the patch worked (at least on my macbook)
https://support.apple.com/en-us/HT208315
It seems like the patch worked (at least on my macbook)
- triceratop
- Posts: 5838
- Joined: Tue Aug 04, 2015 8:20 pm
- Location: la la land
Re: Don't leave your mac unattended! It has zero security now.
Bingo. It doesn't even require sophistication. "chroot" is a wonderful thing, in particular because of this! It has allowed me to save so many OSes which would otherwise have required a full wipe.quantAndHold wrote: ↑Wed Nov 29, 2017 9:15 am This is an egregious bug, but I f you leave any computer unattended, it’s game over. Not just Macs with this bug. Someone who knows what they’re doing can compromise any computer without much trouble if they have physical access.
I had a friend who was taking a computer security class of some sort, who took over the instructor’s laptop during a break by plugging a tiny thing into a USB port as he walked by. It was all in fun, but the instructor of a computer security class had to get help to figure out whe he had lost control of his laptop.
"To play the stock market is to play musical chairs under the chord progression of a bid-ask spread."
Re: Don't leave your mac unattended! It has zero security now.
Looks like there's an update in the App Store now. Downloading now. Did not require reboot.
https://support.apple.com/en-us/HT208315
https://support.apple.com/en-us/HT208315
-
- Posts: 610
- Joined: Mon May 29, 2017 5:47 pm
Re: Don't leave your mac unattended! It has zero security now.
Patch has been issued and first part of question has been answered. As to whether steps have to be undone after patch, my understanding is that there is nothing particularly wrong with having root user set up/enabled but most users don’t need it and since it’s a powerful feature which can cause problems if used improperly, it’s usually not encouraged for the average user.beardsworth wrote: ↑Wed Nov 29, 2017 9:03 am For those of us who are tech-challenged and chose Mac for exactly that reason, i.e., its general "intuitive" feel and ease of hands-on use, what does it mean to "set a password to root"? What exactly does a person do to accomplish this? And is it something that will need to be undone when Apple itself fixes the High Sierra problem?
Thanks.
-
- Posts: 512
- Joined: Tue Jan 05, 2016 6:54 am
Re: Don't leave your mac unattended! It has zero security now.
Somehow on my Mac, I picked up a bug called Chumsearch. I have never been able to remove it. None of the instructions found online have worked. Several Apple techs have been unable to completely remove it. It has really degraded the performance of the Mac. They win. I capitulate. Picking up a Chromebook.
Re: Don't leave your mac unattended! It has zero security now.
Security Update was just released
m
m
-
- Posts: 2892
- Joined: Tue Aug 12, 2008 5:52 pm
- Location: San Diego
Re: Don't leave your mac unattended! It has zero security now.
does this update automatically or does one have to do something to get the patch?
364
-
- Posts: 610
- Joined: Mon May 29, 2017 5:47 pm
Re: Don't leave your mac unattended! It has zero security now.
travellight wrote: ↑Wed Nov 29, 2017 6:09 pm does this update automatically or does one have to do something to get the patch?
MacLife (@MacLife)
11/29/17, 12:40 PM
“This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”
Re: Don't leave your mac unattended! It has zero security now.
That was a simple fix.
Good luck with that. -- Tet
Re: Don't leave your mac unattended! It has zero security now.
You didn't know that? y would u leave ur mac unattended anyways!in_reality wrote: ↑Wed Nov 29, 2017 5:43 am Macs (anything running the lastest version - High Sierra) have a security flaw that lets anyone log in as an administrator with no password unless you set a password for root.
https://techcrunch.com/2017/11/28/aston ... a-machine/
Re: Don't leave your mac unattended! It has zero security now.
Just got a security update for my High Sierra that came with instructions to install it immediately. I suppose this was the fix.
On the internet, nobody knows you're a dog.