In a very unusual laps of quality control Apple Macintosh users found their computer security lacking after an update this week. The systems root account was accessible without a password or any other type of authentication.
In computer security, what is a “root” account?
Almost all computer types have a way to access the entire system without restriction. In the Windows operating system this is called “administrator”. On some servers it’s called “super user”. The Macintosh platform calls it “root”. The purpose for these type of accounts is to allow access to perform maintenance, install software and do other things that require complete accessibility. The accounts are not meant to be used on a regular basis and the credentials are usually restricted to the owner or network personal for the given equipment.
Without exception, authentication of some kind is required to access a root account. At a minimum this is a password and can be much more complicated. With the flaw from Apple a password was not required, you simply asked for root system access and you got it.
How can I fix this computer security problem and protect my Mac?
Apple released a patch on Wednesday to fix this problem. To protect your Mac, make sure it’s updated. When using automatic updates you should already have the problem resolved. If you run updates manually make sure you install the patch from Wednesday, 11/29.
Finally, if you are very concerned you can also contact Apple Support. They will walk you through a few steps to make sure the patch is installed, and the system is secure.
If I don’t use a Mac is there a lesson I can learn here about computer security?
As a general rule it is important to always make sure you equipment is up to date. While it is very unusual to have an update pushed that causes this type of problem it does happen from time to time. Every update gives a description of what it will do. Be aware of what is being installed and when a problem arises you can react faster to get it resolved.
William (Bill) Sikkens has been a technology expert for KXL on the Morning Show with Steve and Rebecca since 2014. With an expertise in I.T., cyber security and software design he has had more than 20 years’ experience with advanced technology. Sikkens conceptualizes and designs custom applications for many professional industries from health care to banking and has the ability to explain the details in a way all can understand.
Got a technology question or comment for Bill? Follow him on Twitter @sikkensw