Jump to content

macOS High Sierra security flaw gives anyone full admin access – no password needed

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Newbie

sincity

Posted
Posted

A Turkish software developer has publicly revealed via Twitter that he has uncovered a massive security bug in macOS High Sierra, Apple’s latest operating system. 

The flaw grants anyone using a Mac machine admin access by just clicking ‘other’ on the login screen and using ‘root’ as the username, no password needed.

In fact, access to the computer can also be achieved using the username ‘root’ via System Preferences where, to change essential settings on locked Mac devices, users would normally need to enter their login details.

This bug seems to present in macOS High Sierra 10.13.1 – the current version – as well as in the macOS 10.13.2 beta, but does not affect older versions of macOS, like Sierra or El Capitan.

This doesn’t bode well for users on the latest release of macOS – leaving a Mac unattended could make anyone system administrator without any authentication, even when accessed remotely, revealing sensitive information.

Apple has confirmed that it is aware of the bug and is “working on a software update to address the issue.” The Cupertino-based giant released a statement describing how users can, in the meantime, temporarily fix the vulnerability by enabling the root user with a password.

CGZcC9DV_q8
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept