![\"Month](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/apple-security-month-review.jpg\")
<\/p>\n<\/p>\n
What a month! November brought to light a huge security vulnerability affecting macOS High Sierra, plus Mac malware that masquerades as anti-virus software, and specially crafted masks can fool Face ID (despite Apple’s claims). Read on for the details!<\/p>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/i-am-root-logo.jpg\"){kind=logo}
The biggest news of the month is still fresh in our memory. On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could allow an attacker to enable the “root” administrator account on a victim’s Mac.<\/p>\n
A bug was introduced in macOS High Sierra 10.13, and remained in 10.13.1, that allowed an attacker\u00a0to invoke a system authentication dialog box, type “root” (the name of a powerful UNIX administrator account that’s disabled by default in macOS), and either enter no password or a password of their choosing, and macOS would enable the root account with the attacker’s chosen password.<\/p>\n
If a system running High Sierra had Screen Sharing enabled, it was even\u00a0possible\u00a0to exploit the vulnerability remotely, without having physical access to\u00a0the\u00a0Mac.<\/p>\n
Thankfully, Apple responded quickly after the bug\u00a0became widely known. By the next morning, Apple released a patch<\/a> and pushed it out to all High Sierra users.<\/p>\n There’s a lot more to this story! For all the juicy details, don’t miss our extensive coverage:\u00a0\u201cI Am Root\u201d: A Retrospective on a Severe Mac Vulnerability<\/a>!<\/p>\n Earlier this year, we reported\u00a0that variants of the Proton<\/a> malware were discovered\u00a0on the legitimate download sites of Handbrake and later Elmedia Software. In both cases, the developers’ legitimate apps\u00a0were\u00a0infected with malware and made available directly from the developers’ sites for a period of time without their knowledge.<\/p>\n A blog was discovered\u00a0that purported to be operated by Symantec, an anti-virus company. On this fake\u00a0anti-virus blog was a link to download a supposed “Symantec Malware Detector,” which in reality is just a Trojan horse designed to install the Proton malware onto victims’ Macs.<\/p>\n If a\u00a0victim were to download an ran the fake virus scanner, they would be prompted to enter their administrator username and password, at which point the malware would secretly infect the system and then display a fake virus scan (much like other fake antivirus<\/a> software has done in the past).<\/p>\n Intego VirusBarrier<\/a>\u00a0(which is\u00a0legitimate<\/em>\u00a0anti-virus software!) identifies the new malware variant as OSX\/Proton.D<\/strong>.<\/p>\n For lots more details, check out our article\u00a0Watch Out! A Fake Antivirus Blog is Distributing Proton Malware<\/a>, and listen to our new\u00a0Intego Mac Podcast episode<\/a> discussing it (have you subscribed<\/a> yet? ?).<\/p>\n Two stories surfaced in November claiming that the iPhone X’s new Face ID technology had been successfully tricked into unlocking Apple’s latest smartphone.<\/p>\n One story from CNET<\/a> reports\u00a0that Vietnamese hackers created a specially crafted face mask that allegedly was able to successfully spoof a real person’s face\u00a0to log into an iPhone\u00a0X. You can watch the mask makers’\u00a0proof-of-concept video<\/a>, which has been viewed 1.2 million times.<\/p>\n This is particularly interesting given that when Apple introduced the iPhone\u00a0X, Apple\u00a0executive Phil Schiller took the stage and\u00a0bragged\u00a0that\u00a0Apple had tasked Hollywood mask-making experts<\/a> with trying to fool Face ID, and their efforts were unsuccessful.<\/p>\n Hot on the heels of the original mask story came a report from Wired<\/a> that a 10-year-old boy was able to successfully and repeatedly unlock his mother’s iPhone\u00a0X.<\/p>\n The idea that a child could gain access to his parent’s phone, which may contain private information, seemed to really catch people’s interest; the family’s 41-second YouTube video<\/a> has been viewed more than 2.3 million times.<\/p>\n Apple’s Schiller\u00a0admitted<\/a> during the iPhone\u00a0X unveiling keynote that there’s a higher probability of false matches for people who\u00a0have\u00a0“a close\u00a0genetic relationship”\u00a0with the user.<\/p>\n This year at least one popular online retailer has been selling and openly promoting<\/em> ancient iPhones and iPads<\/a> for which Apple is no longer releasing security updates. Using a device online\u00a0when its\u00a0security is\u00a0years out of date is very\u00a0unsafe\u00a0and should be avoided.<\/p>\n Beware of “bargains” that may\u00a0come with\u00a0unexpected security risks.<\/p>\n If you have holiday shopping left to do, be sure to check out these articles for tips on how to ensure that the products you’re buying are secure and how to shop safely:<\/p>\n Caution! These Black Friday “deals” may be bad for your security<\/a><\/p><\/blockquote>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-attack.gif\")
The “I am root” attack in action. Image credit: Patrick Wardle<\/a><\/p>\nProton Malware Masquerades as Anti-Virus<\/h3>\n
![\"Fake](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/11\/Fake-Antivirus-Symantec-Proton-Malware-300x195.png\")
In November, the\u00a0makers of the Proton malware decided to try a different tactic to infect users.<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/11\/2-AdminCredentialsRequest.png\")
The fake antivirus\u00a0attempts to gain\u00a0admin privileges.<\/p>\nFace ID Fooled By Hackers\u2026 and a\u00a010-Year-Old Boy?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/BKAV-Face-ID-mask.png\")
This\u00a0mask can allegedly bypass Face ID. Image credit: BKAV via CNET<\/a><\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/BKAV-Face-ID-mask-2-113x150.jpg\")
In late November, AppleInsider<\/a> reported that the same Vietnamese group repeated the test, developing a second mask that allegedly fools Touch ID. They claim that the new mask cost\u00a0about U.S. $200 to make. Their second proof-of-concept video<\/a> much more convincingly demonstrates the authenticity of their work; the researcher turns off Face ID and then re-enrolls his face, then shows his face unlocking the iPhone, and then finally shows the mask unlocking the iPhone, all without any camera cuts.<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/10-year-old-unlocks-moms-Face-ID.jpg\")
Boy’s face unlocks mom’s iPhone X. Image: Malik\/Sherwani<\/a>\u00a0via TechWorm<\/a><\/p>\nDangerous Gadget “Deals” Hit Holiday Shopping Season<\/h3>\n
![\"Caution!](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/11\/black-friday-deals-bad-security-300x168.jpg\")
Following the U.S. Thanksgiving holiday\u00a0are\u00a0“Black Friday” and “Cyber Monday,” two of the biggest shopping days of the year, when retailers have big sales to draw in customers at the theoretical start of the holiday shopping season. Sometimes these promotional sales seem a little too good to be true.<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/11\/dangerous-apple-devices-2.png\")
<\/p>\n