360 Degree Cyber Security, LLC


Major security flaw in Apple devices running High Sierra is easily exploited.

November 28, 2017 – If you have Apple devices running High Sierra, there is a critical vulnerability that allows anyone who can get their hands on the device to access it. All that needs to be done is to log in as guest, open System Preferences > Users & Groups, and click the lock to make changes. Then use “root” with no password, trying it several times. When the problem is exploited, the user is authenticated into a “System Administrator” account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine.

The following can be done to prevent the problem until Apple releases the fix.

DISABLING GUEST USER ON MACOS HIGH SIERRA
Step 1 | Launch System Preferences
Step 2 | Select Users & Groups
Step 3 | Select Guest User
Step 4 | Uncheck Allow guests to log in to this computer

CHANGING ROOT PASSWORD ON MACOS HIGH SIERRA
Step 1 | Launch System Preferences
Step 2 | Select Users & Groups
Step 3 | Select Login Options
Step 4 | Select Join next to Network Account Server
Step 5 | Select Open Directory Utility
Step 6 | Click the lock and enter your password to make changes
Step 7 | In the menu bar of Directory Utility, select Change Root Password
Step 8 | Create a strong, unique password
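
To confirm from Terminal that both sets of steps took effect, the following added example (not part of the original post) reads the guest-login setting and root's password marker. The `com.apple.loginwindow` `GuestEnabled` key and the `dscl` query are not named on this page, and the reading of `*` versus `********` in the `dscl` output is an assumption about that output.

```shell
#!/bin/sh
# Added example: audit the two mitigations above. Parsing is kept separate
# from the macOS-only commands so it can be checked on constructed input.

# Classify the value printed by:
#   defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled
guest_state() {
    case "$1" in
        1|true|YES) echo "enabled" ;;
        0|false|NO) echo "disabled" ;;
        *)          echo "unknown" ;;
    esac
}

# Classify the line printed by:  dscl . -read /Users/root Password
# Assumption: "*" means no password hash is stored for root; "********"
# means a hash exists (it does not say who set it or how strong it is).
root_password_state() {
    value=$(printf '%s\n' "$1" | sed -n 's/^Password:[[:space:]]*//p')
    case "$value" in
        '*')        echo "no-password-set" ;;
        '********') echo "password-set" ;;
        *)          echo "unknown" ;;
    esac
}

# Run both live checks; succeeds only if guest login is off and root has a password.
audit() {
    guest=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || true)
    root=$(dscl . -read /Users/root Password 2>/dev/null || true)
    g=$(guest_state "$guest")
    r=$(root_password_state "$root")
    echo "guest login: $g"
    echo "root password: $r"
    [ "$g" = "disabled" ] && [ "$r" = "password-set" ]
}

# The live commands exist only on macOS, so skip them elsewhere.
if [ "$(uname -s)" = "Darwin" ]; then
    if audit; then
        echo "both mitigations in place"
    else
        echo "review the steps above"
    fi
fi
```

A `password-set` result only shows that a hash is stored for root, so it is meaningful after you have completed Step 8 yourself.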