Interesting People mailing list archives
You can log into macOS High Sierra as root with no password
From: "Dave Farber" <farber () gmail com>
Date: Tue, 28 Nov 2017 16:21:39 -0500
Begin forwarded message:
From: Richard Forno <rforno () infowarrior org> Date: November 28, 2017 at 4:02:21 PM EST To: Infowarrior List <infowarrior () attrition org> Cc: Dave Farber <dave () farber net> Subject: You can log into macOS High Sierra as root with no password You can log into macOS High Sierra as root with no password By Shaun Nichols in San Francisco 28 Nov 2017 at 20:15 A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to cause extra mischief, install malware, and so on. While obviously not the end of the world – certainly far from a remote hole or a disk decryption technique – it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan alerted the world to the flaw via Twitter ion the past hour or so: < - > http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20171128162146:21CF3B5C-D482-11E7-B1AC-EE6B154E07B1 Powered by Listbox: http://www.listbox.com
Current thread:
- You can log into macOS High Sierra as root with no password Dave Farber (Nov 28)