Category Archives: Macintosh Security

High Sierra Security Problem

How To Fix The November 2017 Mac OS X High Sierra Security Vulnerability

High Sierra Security Problem

High Sierra Security Bug Found

As noted in a tweet by Lemi Orhan Ergin in November of 2017, there apparently is a big security issue in the Users and Groups area of Mac OS X High Sierra (it doesn’t appear to happen in earlier versions of Mac OS X).

Here’s the gist of the problem that Lemi Orhan Ergin found:

“We noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times.”

Fortunately, there is an easy fix until this gets patched (which may have already happened in the upcoming Mac OS X 10.13.2 beta). The fix is to assign a strong password to the built-in root account by following the instructions given by Apple here. In essence, you have to perform the following steps:

  1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
  2. Click lock icon, then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click lock icon in the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility:
    • Choose Edit > Enable Root User, then enter the password that you want to use for the root user.

You can also set a password with the Terminal by typing in ‘sudo passwd -u root’ and hitting return.

 

How to Check For Malware on the Mac

Macintosh Malware and Antivirus Support

Stay safe from virus and malware activity on your Macintosh with these simple tips.

Do you think your Mac has been infected by malware or a virus? It’s always possible, and here’s some ways to check.

Is it a virus? Is it malware?

First of all, don’t blame every single problem on malware or a virus. Many problems on the Mac appear to be virus related, but, actually are system related. If you’re not surfing underground sites or downloading software from places you shouldn’t, you shouldn’t have any virus or malware activity. In the off chance that you do get a virus or malware, here are some basic things you should do to get rid of the malware or virus on your Mac.

Let’s start with the browser.

Google Chrome for the MacOn the Macintosh, you have a few choices for web browsers. The big three browsers that most people use are Google Chrome, Safari, and Firefox. Of these particular browsers, we prefer Google Chrome as our day-to-day browser. Google chrome for Mac is a fairly lightweight browser, has great security controls, and doesn’t seem to have the issues that the other browsers tend to have. Another great feature of Google Chrome is that it has Adobe Flash built right into it. This means you’re not hounded by the constant warnings to upgrade Adobe Flash. This is not to say Safari and Firefox are not safe, we just have a better track record with Google Chrome across-the-board. It’s wise to be careful what extensions you do load into Google Chrome. Only stick to known good browser extensions that are featured on the Google app store. if you do need to stick to using Safari as your daily web browser, you should turn off the extensions. Extensions and toolbars are a common way for malware and viruses to get into your Mac.

Use free Malware and Virus checking software

The best free software we have found to detect malware on your Mac is Malwarebytes. This software is remarkably easy-to-use, and can be run once or twice a week to check for any malware on your Macintosh based computer. We’ve been surprised a few times to find that we actually did have malware and the software has found it and deleted it every single time. This software doesn’t run automatically; you will have to run it by yourself once in a while. Another great piece of software we have found the check for viruses and malware on a Mac is from the company Sophos. This free software does run continually on the Macintosh and is also a good, lightweight piece of software for checking viruses and malware on a Mac. Apple can also detect and defeat certain malware from their end which is built into the Macintosh operating system. This is obviously not the best option because you have no control over what it finds and what it gets rid of.

Did MalwareBytes find malware on your Macintosh?

View Results

Loading ... Loading ...

Backing up your data is a wise move

With good data backups, a good portion of malware and viruses shouldn’t affect your data. Even better, have multiple backup options so your main data backup doesn’t get infected. We prefer multiple hard drives, and Google Drive as our backup options. Apple provides the Time Machine software that can back up every single Mac for free. All you have to do is provide an external hard drive for this option to work.

Be incognito whenever possible

Most browsers today offer an incognito mode, Or stealth mode, which hides your browsing activities. If there are sensitive sites you travel to, using one of the stealth modes may help limit the malware and virus activity on your Mac. The stealth mode can stop tracking and automatically turn off cookies on these sites as you visit them, which aids in your protection.

Stay away from filesharing and torrent sites

A lot of virus and malware activity on a Mac comes from filesharing and torrent sites. You should limit access to the sites if at all possible, especially if other family members are using the Mac. A good option in this case is to use a DNS filtering service such as OpenDNS to stop people in your household from accessing these and other dangerous sites.

Everyone should not be an administrator on the Mac

If your Mac has multiple users, and all them are set up as a administrators, this is not a good situation. This simply means that anybody using the Macintosh has full privileges on the Mac. They would actually be able to install any piece of software, including malware, that they deemed fit. Changing these users to standard users is a great way to bypass this problem. By making them standard users, they don’t have the privileges that an administrator would have. Therefore, they would not be able to make any changes on the system at all. By teaching these users good browsing habits, you should be able to limit the amount of malware and virus activity on your Mac.

Please consider a small and secure donation if this post helped you with your issue!




Changing the date to January 1, 1970 will brick your iPhone

iPhone January 1970 Date BugIf you see this image (originally posted on the 4chan website), do NOT follow it’s advice, under any circumstances–it’s a trap!

Apparently there is a nasty bug on any 64-bit iOS device (such as an iPhone or iPad) that will cause the device not to no longer boot if the user sets the time and date to January 1, 1970. Even scarier, you cannot simply restore the iPhone at this point–you have to physically bring the bricked iPhone to your local Apple Store to have a hardware repair done on the device. This sinister date, 1/1/70, is basically an internal value of zero on a Unix operating system, which causes the software to crash, taking your iOS device along with it.

What should I do about this problem?

You would be wise to A.) not perform this trick yourself and B.) don’t allow anyone to perform this trick on your device unless you feel like traveling to the nearest Apple Store. This image circulating around the internet seen above is a terrible hoax and will brick your iOS device.

What does an “Error 53” mean on an iPhone?

iPhone 6 Error 53Does your iPhone show the dreaded “Error 53” since updating to iOS 9? We attempt to get to the bottom of this iPhone controversy.

What does the Error 53 actually mean?

Simply put, this error is a currently unfixable error that is displayed by Apple’s iTunes software after restoring an iPhone, usually an iPhone 6 and iPhone 6 Plus. In essence, the iPhone becomes “bricked,” or rendered completely unusable and traps the device into recovery mode. The data that was on the iPhone is also now locked on the device and cannot be rescued by the user or Apple. There is limited evidence that any of the other iPhone versions are susceptible to this error, such as the iPhone 5 versions. Even iPads with Apple’s Touch ID sensors can also throw this error 53 after restoring or updating.

What is the root cause of this mysterious Error 53?

According to statements released by Apple, the cause of the iOS Error 53 stems from the replacement of a user’s home button, Touch ID, display or any of the other components that make up the fingerprint sensor area by any outfit other than Apple themselves. In other words, if you were to have your home button (or even full display) replaced by a kiosk or other non-Apple repair shop, you will most certainly see the dreaded Error 53.

Apple Touch ID Sensor

Simply repairing your iPhone at a non-Apple store can render your device bricked forever.

The reason for this (according to Apple) is that iOS checks that your Touch ID sensor matches the other on-board components during a software update or iOS restore. This simple set of checks supposedly keeps the features related to Touch ID secure, just in case a malicious party tries to swap out this critical part in an attempt to steal your personal data and credentials. This fingerprint data is stored in an area on your IPhone known as the “Secure Enclave,” which was designed by Apple to store this data securely and safely. If a 3rd-party Touch ID module fails this onboard check, the secure data is forever encrypted and protected and no longer accessible.

When Apple themselves replace this critical part, they perform a procedure to recalibrate the iPhone parts back together again, which allows the onboard checks to pass. Users who have the iPhone fixed at an Apple Store will not see this dreaded Error 53 after restoring or updating.

 

Most of the iPhone community including many repair websites are claiming that this is a very bad move on Apple’s part. In essence, Apple seemingly is making sure that iPhones cannot be serviced anywhere but a genuine Apple Store.

What is the fallout of the Error 53 situation?

Error 53 Class Action Lawsuit

Law firms are already mounting class-action lawsuits over the error 53 situation

At this point, several news agencies are reporting that class-action lawsuits are being mounted against Apple for this move and the Apple discussion boards are being flooded by users with the Error 53 on their iPhones and iPads.

How do you fix an Error 53 on an iPhone?

At this time, there is no known solution to this error and Apple has not given any more direction since their last statement describing why the error 53 is happening on modified iPhones and iPads.

I haven’t gotten the Error 53 yet. Why?

If you have had any modifications or repairs to your IPhone or iPad that were not done by Apple themselves, we highly suggest that you do not do any further software updates to the device until a solution is found for the error 53 problem. If you need any further repairs done on the device, you would be best served by the Apple Store or AppleCare helpline. Apple has the proper equipment to fix your device and recalibrate it correctly so you don’t see the error 53. If you no longer have access to the old parts from your repair (not that they would work anyway), you would be forced to purchase a brand-new iPhone.

Contact Apple for resolution.

If you have the dreaded iPhone Error 53 issue, please contact Apple as soon as possible by clicking here.

Has Your Apple ID Account Been “Frozen?”

Phishing for Apple ID AccountsThere’s another new scam going around that appears to be from places such as “katzweb.net” and other sites telling you that your AppleID account has been “frozen,” and that you should “verify your account.” This is complete nonsense and a horrible “phishing” attempt. Phishing is when a person or company that is not the real person or company attempts to get private and sensitive information from you, such as credit card numbers or social security numbers. This is NOT real and you should NEVER give your personal data away in these instances. Unless you are directly talking to an Apple employee (via the Apple.com website or 1-800-APL-CARE support line), you will have serious issues when these sites get your personal data.

If you are contacted by anyone or any company requesting data that has anything to do with an AppleID, you should forward that suspicious (although very real looking) email to Apple support located at reportphishing@apple.com. They will be able to determine if this was a real or fake request and they will contact you directly.

Be safe out there!