Uh-oh, Apple.
After fixing that embarrassing macOS High Sierra bug that let anyone create a root account on a Mac without a root password, Apple introduced a new bug, albeit one far more benign.
The security update 2017-001, described her…
Category: High Sierra
Apple patches egregious macOS High Sierra security flaw
/https%3A%2F%2Fblueprint-api-production.s3.amazonaws.com%2Fuploads%2Fcard%2Fimage%2F663701%2F8d5fdb89-efd0-41d2-8043-35a55e7ba7ed.JPG)
A day after it was revealed that macOS High Sierra had a massive security problem that allowed unauthorized users to easily log into a Mac with admin access, Apple has released a patch for the bug.
SEE ALSO: Apple’s 10 biggest screw-ups, ranked
Yesterday Twitter user Lemi Ergin publicly revealed that if a user types “root” into the User Name field that comes up when making changes to System Preferences, and then hitting enter, the user will gain root-user access. They’ll also be able to log into the Mac anytime simply by going to “Other” at login and typing the “root” username again.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use “root” with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017 Read more…
More about Apple, Security, Mac, Macos, and High Sierra
View More Apple patches egregious macOS High Sierra security flawMacOS High Sierra vulnerability was publicly disclosed in an Apple forum weeks ago
/https%3A%2F%2Fblueprint-api-production.s3.amazonaws.com%2Fuploads%2Fcard%2Fimage%2F662860%2F45a2ca8f-dd2d-4fa2-954f-2ff18ddc97f7.jpg)
While Apple scrambles to issue a software fix for a major macOS High Sierra vulnerability, astute observers are wondering what took the company so long to react — after all, the problem was known about weeks ago.
It seems that on November 13, a commenter on an Apple developer forum disclosed the very vulnerability that today threw the infosec community into a frenzy. Oh, and it was called out 9 days ago on Twitter as well.
And just how bad is this security threat? Well, it’s not good. Essentially, it gives anyone with access to an unlocked computer the ability to set themselves as the root user — as well as log back in later to the locked computer at a time of their choosing. Read more…
More about Apple, Hackers, Hacking, Macos, and High Sierra
View More MacOS High Sierra vulnerability was publicly disclosed in an Apple forum weeks ago