Centrify has warned that a major security flaw in Apple’s High Sierra operating system creates a significant vulnerability for affected Macs using Active Directory in the enterprise.
The security vulnerability, reported widely over the past day, allows anyone to log in to a Mac running High Sierra by simply typing in the word “root” as the username and hitting the enter key several times. This simple action gives complete superuser access rights to the system, exposing all user data.
In a Centrify blog, Centrify Director of Product Management Peter Havens warns that this Apple root bug can allow access through the login screen or the screen saver lock screen for Active Directory (AD)-joined Macs used in an enterprise. “This is much more significant than the originally reported issue because it allows an admin to elevate privileges by unlocking system preferences,” he said.
“In addition, if a Mac user has ‘screen sharing’ enabled – perhaps from a previous IT support issue – the root login can be used to remotely view the user’s screen without them knowing, or log in remotely. While there is a simple workaround – by creating a user with the name ‘root’ and setting a unique and complex password – and Apple is sure to address this gaping hole quickly, it highlights a fundamental but ignored gap in enterprise security.
“For many companies, the practice of reusing the same local admin password for every endpoint, and rarely, if ever, changing it continues to be common practice. If that password becomes exposed through phishing or credential theft then the attacker has unfettered access to every endpoint in the organisation. All local admin accounts – including the root account on Macs – should have unique passwords that are randomly created and regularly rotated. An easy way to accomplish this is through the use of a local admin password management (LAPM) solution. With LAPM, authorised users can check out the local admin password for remote management or to temporarily grant admin rights to the device’s primary user.”
Centrify is a global security company that redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry-recognised leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify enables more than 5000 customers, including over half the Fortune 50 in the US, to defend their organisations. To learn more visit www.centrify.com.