A major bug in Apple’s macOS gives anyone with physical access to a computer running the latest version of the High Sierra operating system admin access simply by putting “root” in the user name field.

The bug was publicized Tuesday by developer Lemi Orhan Ergin, founder of Software Craftsmanship Turkey, via Twitter.

“Dear we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as ‘root’ with empty password after clicking on login button several times. Are you aware of it” (Lemi Orhan Ergin, November 28, 2017)

Researchers have since confirmed the bug in macOS 10.13, the most recent version of the OS. According to researchers, the bug works on both the lock screen and in System Preferences.

Users exploiting the bug authenticate as a “System Administrator,” giving them full access to view any files on the system and change or reset passwords for other users of the same macOS system.

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

“In High Sierra this bug now allows anyone become a system administrator who types ‘root’ in the authentication prompt and then hits enter. Behind the scenes that enabled the root account and then sets a blank password. The second time you click ‘OK’ that correctly authenticates the account and you have root access,” said Patrick Wardle, director of research with Synack.

Wardle told Threatpost the implications of this bug are far reaching and go beyond simply gaining access to the local computer. For starters, he said attackers could use the flaw in conjunction with malware to elevate privileges locally to make changes to a system and add applications such as a keylogger.