Protecting our personal data requires much more than simply relying on an efficient online privacy tool such as CyberGhost VPN. We always have to make sure our devices are protected with strong passwords, that our operating systems are up-to-date so that security flaws are fixed, we should try not to connect to unprotected public WiFis, only visit HTTPS websites and of course, never go online without CyberGhost VPN.
However, sometimes, these measures may not be enough. The latest version of MacOS High Sierra – 10.13.1 (17B48), released in September – has a flaw which allows people to enter the word “root” when prompted for a username, and provide no password when logging on to the device. Once someone logs in, they’ve essentially authenticated themselves as the owners of the computer. They can add administrators, change critical settings, lock out the current owner, and so on.
Bear in mind that there’s no need to do this yourself to verify it. Doing so creates a “root” account that others may be able to take advantage of if you don’t disable it.
The glitch grants anyone to access the file system for a Mac, exposing private documents on that particular device.
The bug appears to have been first noticed by Lemi Orhan Ergin, founder of Software Craftsman Turkey, who noted it publicly on Twitter.
Although Mac devices are generally regarded as extra secure and less prone to hacking and malware infections, this is a major and very dangerous flaw.
What is there to do?
Here is what Apple says:
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
So until this issue is solved, make sure to follow the above-mentioned instructions, so that your personal data don’t end up in the wrong hands.
Otherwise, leaving your device unattended is definitely not a good idea!