We’ve got 3 quick and easy steps for you to prevent and fix this issue.

If you haven’t heard the news, Apple’s new Mac OS High Sierra has a huge security flaw that allows full admin access without a password. Basically, if you leave your Mac sitting around, someone can simply go into the user security settings and log in easily. More details are available in this article from TechCrunch. The bug was found yesterday by Lemi Orhan Ergin, a Turkish software developer, and posted to his Twitter.

WARNING: Don't try this at home. No, really, don't follow the steps in the Twitter images. They're meant to demonstrate the issue. Keep scrolling down to see our solutions.

 

Step 1: Never leave your computer unattended and unlocked.

You of course leave yourself open to pranks from co-workers who generally mean well; but the bigger risk comes in shared spaces like cafes and airports. Always lock your computer by setting it to sleep or logging off; and if it’s a laptop, bring it with you wherever you go, even if it’s to the restroom. In general, I trust strangers (I’m a hitchhiker and couchsurfer after all) BUT NOT when it comes to watching my laptop; never leave your personal and company data up to chance.


If you work in a high-traffic office with lots of access from the public (e.g. school campus), I would consider a physical laptop lock. While this is not a direct solution to the Mac OS High Sierra bug, it is also important to remind everyone about the physical side of IT security. There’s plenty to choose from on Amazon; here’s one we like for $21.99. Makes for a perfect stocking stuffer or secret (& secure) Santa gift in the office!

Now would also be a good time to check the Security & Privacy settings on your Mac. We recommend that you require a password after your Mac sleeps or the screen saver begins. Below are some instructions on how to do that.

  • Go to Apple Menu, then select System Preferences
  • In System Preferences, select Security & Privacy.
  • In the General tab, make sure that “Require password 1 minute after sleep or screen saver begins” is checked. (You can change the timing of course but anything greater than a minute is just more opportunity for bad guys).
 

Step 2: Fix the issue with IT management software.

Apple says it’s working on it but let’s not wait around for them. If you’re tech savvy and used to fixing issues yourself, be our guest. MacRumors’ blog provides a great temporary fix here.

But if you’re like many of our customers, your time is better spent growing your business, helping clients, or serving the community (shout out to our client Support for Families of Children with Disabilities). So here’s a perfect chance to get in touch with Jones IT and let us be your IT department!

At Jones IT, we use IT management software for our clients that allows us to quickly do updates, patch bugs, and roll out security features. For Macs, we use Addigy and JAMF software to help us with this process and preemptively identify issues before they become a problem. These tools give us the chance to see which computers are vulnerable, take action, and follow up, often after-hours, so your workflow isn’t disturbed.

 
 
 

Step 3: Educate yourself on the latest security risks.

We all know technology is advancing daily and the same goes for security risks. It is truly hard to keep up sometimes but you can start by following Jones IT on social media (Twitter, Facebook, LinkedIn) and subscribing to our blog.


Review some of our 2017 blogs to protect yourself from other security risks. Here are some of my favorites:

Are you worried that your Mac is vulnerable? We offer Security Plans & IT Management Software for Apple devices to protect and educate your staff in case of future Apple security bugs. We also provide solutions for having Secure Data Backups & Networks (WiFi, VPN, etc.). Call or email Jones IT today!
