Macs running the latest version of High Sierra - 10.13.1 (17B48) - were under threat this week.
A bug in the software allowed anyone to log in as the "root" superuser using an empty password string. It works on the device itself, but also works over Remote Desktop and VNC. You could also log in as the "root" user with no password at the login window if you have the "Name and password" option checked in Users & Groups.
Once logged in, you have essentially authenticated yourself as the owner of the computer. You can add administrators, change critical settings, lock out the current owner, and so on.
Locally, you can mitigate the High Sierra bug by setting a root password. You can do this in "Directory Utility" using Edit, "Enable Root User" (if you've already attempted to try the bug this may be enabled) and "Change Root Password". You can also do this in a terminal with 'sudo passwd -u root'.
But this only protects the individual machine, not your entire network. What if someone is already on that computer, accessing your network and installing malware?
Network Protection for all macOS High Sierra Users
Many macOS High Sierra users won't necessarily have fixed this threat. In fact, this is a prime example of how attackers can access network resources without proper credentials.
Cyxtera used AppGate SDP to secure its network from this security flaw. We simply created a filter in AppGate SDP that checks the operating system and version of the connecting device. Any person logging into the network from a device whose OS and version matched the affected High Sierra release was denied access to the server.
End users received an automated message notifying them that the operating system and version running is not allowed to access the network.
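The device-posture check described above, as an added illustrative example that is not part of the original post and is not AppGate SDP's own policy language: a small gate that evaluates a connecting device's reported OS, version and build against a deny rule for the affected High Sierra release, returns an allow/deny decision with the message shown to the end user, and compares Apple build strings numerically rather than lexicographically (so that a later build such as "17B100" is not mistaken for an older one than "17B48"). The posture fields, the rule format and all sample devices are assumptions constructed for the example.

```python
"""Device-posture gate for the High Sierra empty-root-password flaw.

Added example only: the DevicePosture fields, DenyRule format and the
sample devices below are constructed assumptions, not AppGate SDP's API.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class DevicePosture:
    """What the client reports when it tries to join the network (assumed shape)."""
    user: str
    os_name: str      # e.g. "macOS"
    os_version: str   # e.g. "10.13.1"
    os_build: str     # e.g. "17B48"


@dataclass(frozen=True)
class DenyRule:
    """Deny os_name/os_version when the build is at or below max_vulnerable_build."""
    os_name: str
    os_version: str
    max_vulnerable_build: str


@dataclass(frozen=True)
class Decision:
    allow: bool
    message: str


# Apple build strings look like <major><letter><number>, optionally with a
# trailing lowercase suffix on pre-release builds, e.g. "17B48" or "17B48a".
_BUILD_RE = re.compile(r"^(\d+)([A-Z])(\d+)([a-z]?)$")


def parse_build(build: str) -> Tuple[int, str, int, str]:
    """Split a build string into comparable parts; "17B1002" > "17B48"."""
    m = _BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    major, train, number, suffix = m.groups()
    return (int(major), train, int(number), suffix)


def build_is_at_or_below(build: str, ceiling: str) -> bool:
    """True if `build` is the same as or older than `ceiling`."""
    return parse_build(build) <= parse_build(ceiling)


# The affected release named in the post. When a patched build ships, raise or
# remove the ceiling; "17B48" is the last build this rule considers vulnerable.
DENY_RULES: List[DenyRule] = [
    DenyRule(os_name="macOS", os_version="10.13.1", max_vulnerable_build="17B48"),
]


def evaluate(posture: DevicePosture, rules: Iterable[DenyRule] = DENY_RULES) -> Decision:
    """Return the access decision and the message the end user will see."""
    for rule in rules:
        if (posture.os_name == rule.os_name
                and posture.os_version == rule.os_version
                and build_is_at_or_below(posture.os_build, rule.max_vulnerable_build)):
            return Decision(
                allow=False,
                message=(f"{posture.user}: the operating system and version running "
                         f"({posture.os_name} {posture.os_version}, build {posture.os_build}) "
                         "is not allowed to access the network."),
            )
    return Decision(allow=True, message=f"{posture.user}: access granted.")


# Constructed sample devices: one on the affected build, one on a later
# (hypothetical) build, one on an older macOS release, one non-Mac client.
SAMPLE_DEVICES = [
    DevicePosture("alice", "macOS", "10.13.1", "17B48"),
    DevicePosture("bob", "macOS", "10.13.1", "17B999"),
    DevicePosture("carol", "macOS", "10.12.6", "16G1036"),
    DevicePosture("dave", "Windows", "10.0.16299", "16299"),
]


def run_gate(devices: Iterable[DevicePosture] = SAMPLE_DEVICES) -> List[Tuple[str, bool]]:
    """Evaluate every device and return (user, allowed) pairs for audit logging."""
    results = []
    for device in devices:
        decision = evaluate(device)
        print(decision.message)
        results.append((device.user, decision.allow))
    return results


if __name__ == "__main__":
    run_gate()
```

The rule keys on the exact version and a build ceiling rather than on "High Sierra" as a whole, so the same gate can keep admitting machines once they report a build above the ceiling; if you want to mirror the blanket version match the post describes, drop the build comparison and match on os_version alone.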
This type of breach is increasingly common. By employing a tool like AppGate SDP that examines the user, the environment and the infrastructure to authenticate before granting access, organizations can protect themselves immediately and easily when breaches like this occur.
Learn more about AppGate SDP.