How to fix the Apple password flaw

On Wednesday 29th November Apple issued an emergency software update for the High Sierra version of its MacOS that fixes a glaring vulnerability.

The flaw, discovered by software developer Lemi Orhan Ergin let you gain access to any Mac running on High Sierra by simply typing "root" in the username field, leaving the password blank and then clicking the login button a few times.

Is my Mac protected?

Late Tuesday, Apple confirmed it was working on a software update to fix the flaw and issued step by step instructions to help customers protect their machines by enabling the root user or changing the root password. Within 24 hours the company were advising users that Security update 2017-001 would be automatically installed on all systems running the latest version (10.13.1) of MacOS High Sierra.

How to install and confirm the Security update:

1. Open the Mac App Store and the update will be available to download. 
   
   
2. Once installed go to your Applications folder and open the Terminal app in the Utilities folder. 
   
   
3. Type what/usr/libexec/opendirectoryd and press Return. 
   
   
4. If the system update 2017-001 was installed successfully, you will see one of these project version numbers:
   
              - opendirectoryd-483.1.5 on macOS High Sierra 10.13
              - opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
   

Unfortunately, this fix has created an additional bug within the file sharing system of macOS, preventing some users from authenticating with or connecting to file shares which are used in business and on home networks.

If you experience issues with file shares follow these steps:

1. Open the Terminal app, which is in the Utilities folder of your Applications folder.
   
   
2. Type sudo/usr/libexec/configureLocalKDC and press Return. 
   
   
3. Enter your administrator password and press Return.
   
   
4. Quit the Terminal app.

How do I keep my password secure?

The first step to protecting your private information is by ensuring your devices have a strong password and that you keep it hidden from prying eyes. Follow these simple steps to keep it safe:
 

1. Always log off when you are done using your device and make sure you use different passwords for each of them.
   
   
2. Change your passwords often. Experts recommend changing it every three months and not using the same password for a year.
   
   
3. Create a strong password using letters and numbers and avoid using common words, place names or phrases.
   
   
4. Use a comprehensive Internet security suite to help keep all your devices safe from malware and viruses that can steal your password.
   
   
5. Do not enter passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection. If you are compelled to do so make sure your information is encrypted. Norton Secure VPN lets your surf the web anonymously while helping to protect your privacy.
   
   
6. Use two-factor authentication where it is available. This adds an extra layer of authentication in addition to your password to access your accounts.

Do Mac's need antivirus?