RSS Feed
November 29th, 2017 
Awake Goy
You Can Log Into macOS High Sierra as Root with No Password
November 29th, 2017
Via: Register:
A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.
The security bug can be triggered via the authentication dialog box in Apple’s operating system, which prompts you for an administrator’s username and password when you need to do stuff like configure privacy and network settings.
If you type in “root” as the username, leave the password box blank, hit “enter” and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen, too.
The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended, nor allow remote desktop access, until you can fix the problem.
And while obviously this situation is not the end of the world – it’s certainly far from a true remote hole or a disk decryption technique – it’s just really, really sad to see megabucks Apple drop the ball like this.
<!–
–>
One Response to “You Can Log Into macOS High Sierra as Root with No Password”
<!– AD CAN GO HERE
END: AD CAN GO HERE –>
Leave a Reply
You must be logged in to post a comment.
Source Article from http://www.cryptogon.com/?p=52051
Posted in 
Tags: 
Dennis Says:
November 29th, 2017 at 1:30 am
Another ball drop: Try looking at Apple maps in landscape mode on iOS 11 on anything other than the ‘+’ models.
Useless.