As seen in the news recently, a serious flaw in Apple’s most recent computer operating system (MacOS X High Sierra) allows any person to gain administrative access to the machine without a password. Anyone with physical access to the computer can gain root access simply by typing “root” in the “Users and Groups” section of System Preferences. No password is required. With root access, a malicious person can then operate as an administrator on the computer to download malware, steal any information, add other users, and further compromise the computer. This flaw requires physical access to the computer, but it may also work remotely if Apple Remote Desktop is enabled.
Apple has released a security update that addresses the issue, and it is recommended that all Mac owners with High Sierra (Mac OS X 10.13) install the security update immediately. More details can be found from Apple at https://support.apple.com/en-us/HT208315.
DoIT would also like to remind students, faculty, and staff to secure their devices and be aware of them at all times. Often laptops, cell phones, headphones, bags, and etc. are left unattended in public areas such as the Library, Commons, and classrooms. Even if you are leaving for a few minutes to go to the restroom, that is plenty of time for someone to steal your belongings, or compromise your devices. UMBC police have received reports of laptops stolen while the owner’s back was turned to talk to a friend. You as an individual are the number one source in keeping yourself and your devices safe from cyber attacks, as well as helping keep our campus safe. If you become aware of any malicious activity or have any questions, please report it to firstname.lastname@example.org.