- #Fix for apple os high sierra hack install#
- #Fix for apple os high sierra hack update#
- #Fix for apple os high sierra hack pro#
- #Fix for apple os high sierra hack software#
Videos posted online show people using the hack at the login screen, leaving the password field empty, and appearing to get unrestricted access to the machine.ĭear we noticed a *HUGE* security issue at MacOS High Sierra.
#Fix for apple os high sierra hack software#
The bug was first reported by Turkish software developer Lemi Orhan Ergin, who contacted Apple on Twitter to inform it of the “unbelievable” find. “If a root user is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section,” it added. “Setting a root password prevents unauthorised access to your Mac,” Apple said.
#Fix for apple os high sierra hack update#
I don't envy sys admins in large academic environments either.Apple has advised customers to set an administrative password while it resolves a security issue in the latest version of its Mac operating system.Ī “huge” flaw in MacOS High Sierra means it is possible for anyone using an Apple computer to access an admin account without even entering a password, if the computer has first been free to access while unlocked.Īpple issued instructions through its support website to help protect customers from any potential hacks while it is “working on a software update to address this issue”. Seems like there might be some blood on the floor over this one, at least at some organizations. This is probably exercisable remotely if remote logins are enabled (screen sharing, anyway) I don't think anything I did would not be doable through a remote login (but I have not the means to test at the moment). Logs right in, shows the username in the upper left of the screen as "System Administrator." The account has root access to the machine.
Now when I go to the login screen, I have an "Other" account showing if I click "Other" I get a username and password dialog box if I enter "root" as the username with a blank password Bob's your uncle. Went to the top-level of the file system did a "Get Info" on a folder I didn't have access to asked it to show me "Sharing and Permissions" clicked the lock icon to unlock them got a username/password dialog box entered "root" as the username with a blank password once the dialog box shook and cleared entered "root" with a blank password again, and the action completed with the lock unlocked. I logged into a non-privileged account that I keep around for testing purposes. My login screen is set to only offer the pre-defined user accounts.
#Fix for apple os high sierra hack pro#
I have a MacBook Pro that I upgraded to High Sierra (10.13.1) over Thanksgiving. So, keep the account enabled and set a root password right now." The Register notes: "If you have a root account enabled and a password for it set, the black password trick will not work. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. And while obviously this situation is not the end of the world - it's certainly far from a remote hole or a disk decryption technique - it's just really, really sad to see megabucks Apple drop the ball like this. You should not leave your vulnerable Mac unattended until you can fix the problem.
#Fix for apple os high sierra hack install#
The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You can do this from the user login screen. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings.
An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.
0 kommentar(er)
