Search for anything.

Your search for: "" revealed the following:

Search...
CreativeTechs

Need Help?

206-682-4315

CreativeTechs
CreativeTechs
  • PARTNERS
  • REMOTE WORK
  • NEWS
  • RECYCLING PROGRAM
  • PRODUCTS WE LOVE
CreativeTechs
CreativeTechs

Your search for: "" revealed the following:

Search...

Your search for: "" revealed the following:

Search...
Recent Updates
  • WWDC 2025: Liquid Glass, New OS Features and 26 June 10, 2025
  • Ten Tips for Making the Best Use of AI Chatbots June 6, 2025
  • An Easier Way to Switch Apps on Face ID iPhones June 4, 2025
  • 5 Best Cloud Storage Providers to Save Device Space May 25, 2025
  • Blip Is a Reliable, Fast Transfer Solution that Works Well Between Platforms May 20, 2025
  • If Your Business Doesn’t Have an AI Policy, Build One Now May 15, 2025
  • Domain Name Renewal Phishing Attacks Are on the Rise May 13, 2025
Get your Security Policy
Topics

Your search for: "" revealed the following:

Search...
Recent Posts
  • At WWDC 2025, Apple Unveils Liquid Glass and Previews New OS Features
    WWDC 2025: Liquid Glass, New OS Features and 26
    Jun 10 2025
  • Ten Tips for Making the Best Use of AI Chatbots
    Jun 06 2025
  • Switch Between Apps Fluidly on Face ID iPhones
    An Easier Way to Switch Apps on Face ID iPhones
    Jun 04 2025
Tag
Apple Apple Blogs Article Backup CS4 events Flash free games Google halloween holiday HomeKit HomePod how icloud InDesign iOS iPad iPhone keynote Mac macOS mail media mode News papercraft password PDF Phishing Photography purchasing restart safe search security Siri terminal to Utilities video web design Wi-Fi Word

Super Bad Apple Vulnerability

Hey –

Just wanted to give a heads up that anyone who is one of our support customers can sleep soundly tonight.

Within minutes of reading the breaking news of todays “Root” vulnerability, we had automagically patched all of the “Pro” and Total” support customers machines that were exposed to the vulnerability.

Want some numbers? Ok. Across our fleet of Pro and Total Support users (about 300ish), only 6 machines were vulnerable (2 of them were in our test lab) And by 4:00 pm today, we had a tested and pushed out a fix to all 6.

Why only 6 when we have 100’s under care? Well, thats because we carefully manage macOS and system updates, and except in extreme cases, we have been actively blocking user installs of Mac OS 10.13 High Sierra.

How bad is this vulnerability? Its bad, but someone would need to have access to your computer to do harm. We imagine that Apple will fix it quickly. And likely silently without user intervention.

Of the 300+ users that are on our Basic support plan, about 20 of them had been ignoring our “hold off on upgrading” warnings. Those users had emails in their inboxes within an hour or so that described the steps they needed to take to secure their machines.

Want some more info on the vulnerability?

Here’s what Apple had to say…

“We are working on a software update to address this issue,  In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a black password is not set, please follow the instructions from the ‘Change the root password’ section.”

From AppleInsider
“Discovered earlier today, the flaw allows anyone to log in under a Mac’s “root” System Administrator without the need for a password. In practice, the exploit merely requires access to System Preferences, and can be performed in a matter of seconds. Nefarious users can also exploit the bug to bypass a Mac’s lock screen.

Beyond those who have direct access to a vulnerable Mac, the security hole also works remotely in certain scenarios where screen sharing, remote access or VNC sessions are enabled. Users should disable those features until Apple’s update arrives.

As AppleInsider reported when the vulnerability was first aired today, macOS High Sierra users can prevent unauthorized Mac access by disabling the Root User under System Preferences. Alternatively, and as Apple suggests, users can enable the Root account and set a password.

Apple failed to provide a release timeline, but considering the bug impacts system-level directories and is relatively easy to exploit, a software update should be out soon.“

Tim Pearson
November 28, 2017
0
Share:
help@creativetechs.com

206-682-4315

© 2025 The Mac Men LLC, DBA CreativeTechs Support.