Posted on Leave a comment

Securing High Sierra

With the latest security blunder in High Sierra 10.13.1 had a bug that allowed anyone with local access to your Mac the ability to authenticate using the root account. The key is they need local access, but once enabled they could install software to spy on you, and we read some reports that users with remote desktop or screen sharing turned on could have commands sent to modify your Mac without your knowledge.

If you aren’t savvy with tech lingo, then just think of root as your behind the scenes system administrator account. Normally, this account is disabled from logging in and hidden from your view as a user. In smart phones, you may have heard of folks “rooting” their phone to customize it or put special software that the manufacture doesn’t allow. This shows you the power of this system account that IT people rely on to help you.

Of course not everyone was effected to the same degree by this bug, but security professionals are recommending everyone running the latest OS update via the App Store or install the patch made available today: https://support.apple.com/en-us/HT208315

This should sound scary in today’s day and age of constant and escalating attacks, but more importantly it should get you thinking about how to secure your Mac. All of our clients were patched early this morning after we were alerted to the issue last evening and we were able to test the fix. That’s what is so great about our plans! We can be actively securing high sierra for those who upgraded before it becomes a security breach. If you are looking for more ways to lock down your Mac, we suggest enabling FileVault, considering a Firmware password, and installing software to scan for malware such as our favorite¬†BitDefender.