Major security bug allows anyone to log in to a Mac running OSX High Sierra

The attacker can easily gain access without a password


BEAMSTART

29 Nov, 2017


A major glitch in the latest version of OS X High Sierra allows a potential intruder to gain administrator access to a user's Mac simply by inputting "root" into the username field.

This is a major problem and could be detrimental to people who leave their computers unattended in public spaces.

The bug can easily be reached by opening the Preferences window and then entering one of the panels that has a lock in the lower left-hand corner.

By clicking on the 'lock', a login prompt appears requiring you to enter your username and password to make changes to the settings.

Typing root and hitting unlock allows you to gain access, even without a password.

This time, however, entering 'root' in the username field automatically bypasses the prompt and logs you in with administrator access, even without a password.

The bug was first noticed by Lemi Orhan Ergin, founder of Software Craftsman Turkey, who published it publicly on his Twitter account.

Apple offered the following statement later today:

We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.

A quick workaround is to open Directory Utility and set a new password for your account. Users can find Directory Utility by searching for it in Spotlight.
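For administrators who want to check a Mac from the terminal before applying Apple's interim guidance, the following is an added example (not from Apple or the original article) that reads the root account's directory record without attempting any login. It assumes the macOS `dscl` tool reports `No such key: AuthenticationAuthority` when root has never been enabled; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only check of the macOS root account state.
# Classifies the output of:
#   dscl . -read /Users/root AuthenticationAuthority
# Assumption: a never-enabled root account has no AuthenticationAuthority key.

classify_root_state() {
    # $1: combined stdout/stderr of the dscl command above
    case "$1" in
        *"No such key: AuthenticationAuthority"*) echo "disabled" ;;
        *"AuthenticationAuthority:"*ShadowHash*)  echo "enabled" ;;
        *)                                        echo "unknown" ;;
    esac
}

advice_for_state() {
    # Maps each state to the step from Apple's statement quoted above.
    case "$1" in
        disabled) echo "Enable the Root User and set a password (HT204012)." ;;
        enabled)  echo "Change the root password so it cannot be blank." ;;
        *)        echo "Could not read the root record; check manually." ;;
    esac
}

check_root_account() {
    # Only runs dscl where it exists (macOS); never tries to authenticate.
    if ! command -v dscl >/dev/null 2>&1; then
        echo "unknown"
        return 0
    fi
    out=$(dscl . -read /Users/root AuthenticationAuthority 2>&1) || true
    classify_root_state "$out"
}

# Constructed sample outputs, not captured from a real machine.
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

state=$(check_root_account)
echo "root account state: $state"
advice_for_state "$state"
```

An "enabled" result on a machine where nobody deliberately enabled root is worth investigating, since it may mean the login prompt bug has already been exercised.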

