MacOS High Sierra: a vulnerability issue

MacOS High Sierra

In the latest version of Apple operating system ( MacOS High Sierra ) there is a worrying weak spot. This vulnerability allows third parties to obtain admin rights without any particular effort. No password needed! This issue only regards 10.13.1 MacOS edition. Fortunately, this weak spot does not affect other versions. But there is a very important aspect to consider. Actually, it exposes users’ data and these data can be stolen from whoever has a fisic access to the computer.

MacOS High Sierra: fixing the problem

To solve this MacOS High Sierra issue, Apple is working to release an update. What is not clear yet is timing. Even though it is likely to be very short. In similar circumstances Apple has been criticized for its delays in fixing security vulnerabilities (even if not serious as this one).


What can we do in the meantime?

Waiting for the update we can start doing something to protect ourselves, data privacy is crucial. In order to increase our security level we should set a root password.

In order to assure to your business the best tool available, Swascan together with Raoul Chiesa ( Raoul Chiesa interview ) developed a special cybersecurity platform. It is completely in Cloud, Pay per Use and SaaS. You can see for yourself in our brochure: Cybersecurity platform and have an in-depth look at our services. Our four services cover all the governance needs in terms of risk management and periodic assessment. Basically, if you need to understand the areas in which your efforts must focus, GDPR Self-Assessment, Vulnerability Assessment, Network Scan and Code Review are the right tools for you. Last but not least, don’t forget GDPR ( GDPR guide ) and the introduction of new figures such as the DPO : our platform is 100% GDPR compliant ( GDPR infographic ).

GDPR: introduction and explanation of the new set of rules
DPO or Data Protection Officer: figure explanation

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.