
Major Apple security flaw grants admin access on macOS High Sierra without password



There’s a major flaw in Apple’s macOS High Sierra operating system that allows anyone with physical access to a Mac to gain system administrator access without so much as entering a password. Late Tuesday, Apple confirmed that it’s working on a software update to fix the issue and published step-by-step instructions to help customers protect their machines in the meantime.
The vulnerability was publicly disclosed on Twitter this afternoon; it’s not clear whether the problem was privately reported to Apple ahead of time, which is the encouraged practice when security vulnerabilities are uncovered. (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra’s login screen here. The flaw does not affect Sierra or other previous macOS versions.

However, The Verge has been able to confirm the major security issue remains present as of macOS 10.13.1, the current release of High Sierra. When the problem is exploited, the user is authenticated into a “System Administrator” account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine. Apple ID email addresses tied to users on the Mac can be removed and altered, as well. There are likely many more ways that someone taking advantage of the issue could wreak havoc on a Mac desktop or laptop.
The level of unbridled access this security hole permits — and it abruptly being made public — will almost certainly prompt Apple to move fast in releasing an update for its Mac operating system. The company hasn’t yet provided a release timeframe for that update.
Until that happens, the best way to protect your Mac against the issue reported today is by ensuring that you’ve set a root password. To do that, go to System Preferences > Users & Groups > Login Options > Join > Open Directory Utility, then open the Edit pulldown menu. Enable the Root User if you haven’t already and then choose Change Root Password.


