With the latest security blunder in High Sierra 10.13.1 had a bug that allowed anyone with local access to your Mac the ability to authenticate using the root account. The key is they need local access, but once enabled they could install software to spy on you, and we read some reports that users with remote desktop or screen sharing turned on could have commands sent to modify your Mac without your knowledge.
If you aren’t savvy with tech lingo, then just think of root as your behind the scenes system administrator account. Normally, this account is disabled from logging in and hidden from your view as a user. In smart phones, you may have heard of folks “rooting” their phone to customize it or put special software that the manufacture doesn’t allow. This shows you the power of this system account that IT people rely on to help you.
Of course not everyone was effected to the same degree by this bug, but security professionals are recommending everyone running the latest OS update via the App Store or install the patch made available today: https://support.apple.com/en-us/HT208315
This should sound scary in today’s day and age of constant and escalating attacks, but more importantly it should get you thinking about how to secure your Mac. All of our clients were patched early this morning after we were alerted to the issue last evening and we were able to test the fix. That’s what is so great about our plans! We can be actively securing high sierra for those who upgraded before it becomes a security breach. If you are looking for more ways to lock down your Mac, we suggest enabling FileVault, considering a Firmware password, and installing software to scan for malware such as our favorite BitDefender.
PSA: Updates are important.
We just wanted to do a quick public service announcement on these critical updates, MacOS 10.13.1 and iOS 11.1, released on Halloween for devices we support. Too often it’s very easy to ignore these because we are using our device, but as each year progresses the challenges of keeping devices secure intensifies. You can see all major tech firms security updates have increased in frequency, and if you like to read release notes like I do — you’d notice they are getting longer and longer. You can read more about these specific Apple updates here for 10.13.1, here for 11.1, and about the security specific changes here.
My personal favorite and somewhat recently famous.
My favorite and the most popular recent exploit was regarding Wi-Fi. You know, that magical RF fairy dust that connects us all and has become downright critical in today’s age. If you haven’t seen in the news, there has been some critical flaws unearthed in Wi-Fi authentication and published by KU Leuven students. Basically, when your device asks to join your network that you already have saved in your collection then it usually has no problem remembering and giving the password to connect on your behalf. What you might not know is that each time you reconnect again to that Wi-Fi network it does this super cool 4-way handshake each time to make sure all is tight in the wireless neighborhood. The students who published, Mathy Vanhoef and Frank Piessens, found out how this 14 year old handshake is super out of style and letting in some bad stuff in between you and your device. Using this flaw someone can start taking small pieces of your data and figure out how to gain access to even more that you may not want getting out such as passwords.
What you can do to protect.
Hackers love a good fight, so be sure to update to keep your device clean. Taking a few moments to backup your device and do the upgrade can give you device separation anxiety. However, the piece of mind is well worth it. All our clients’ respective devices that we manage have already been updated, and we’ve prompted them to restart and install by the time you are reading this post. That’s the really cool feature of our service offering for businesses, so please reach out to us for how you can better manage your Wi-Fi and updates:
[contact-form to=”firstname.lastname@example.org” subject=”Updates Post 11/2″][contact-field label=”Name” type=”name” required=”1″][contact-field label=”Email” type=”email” required=”1″][contact-field label=”Message” type=”textarea”][/contact-form]
Apple, iOS, and MacOS are registered trademarks of Apple, Inc.