News broke earlier this week that a serious security flaw was found in the latest version of Apple’s macOS High Sierra that could allow anyone to access locked settings on a Mac using the user name “root” and no password, and subsequently unlock the computer.
If you are planning to write on this, please see below for some insights from Chris Day, chief cyber security officer at Cyxtera:
“Apple just issued a patch for the macOS High Sierra bug that was revealed on Tuesday. The bug enabled anyone to log in to a system as the ‘root’ superuser with an empty password field and a few clicks. Root privileges provide the deepest level of access. If an adversary were to exploit this bug, they could log in as the owner of the computer and take full control of all functions, like adding administrators, changing critical settings, locking out the current owner, and so on.
“While it’s good that a patch is now available, it is an old way to approach the larger issue of network security. A patch, which may or may not be applied in a timely way, is reactive. We need more proactive tools for protecting networks from illegitimate users. A software defined perimeter approach is gaining momentum because it uses a ‘least privileged’ approach to granting network access.
“Cyxtera used AppGate SDP to secure its own network from the High Sierra security flaw. We simply created a filter in AppGate SDP to check operating systems and versions. Any person that is logging into the network using an OS and version that match High Sierra is denied access to the server. End users received an automated message notifying them that the operating system and version running is not allowed to access the network.
“Authentication is not a binary action. Credentials alone shouldn’t be enough to gain network access. You must be able to identify the user, the environment and the infrastructure to authenticate prior to granting access. That way, organizations can immediately and easily protect themselves.”