How to Fix: macOS High Sierra Flaw Allows Admin Access Without Password

29 November 2017, 01:09 | Author: Rosa Wright

A bug in the latest versions of macOS High Sierra allows users to create a root account with no password by repeatedly pressing a button in the preferences panel.

That's not all. If your Mac displays the name and password fields on the login window, instead of a list of users, you can also log into the entire Mac as root, without a password. All you need to do is set a password for your root account (even if you never plan on using it), and no one will be able to use it to log in to your Mac.

After clicking unlock several times, it should eventually open up, no passwords necessary. The bug didn't work on a Mac with older software.

It can't be stressed enough: This is a critical security flaw that no Apple laptop or desktop owner should ignore. The Apple Support Twitter account acknowledged Ergin's tweet highlighting the issue but did not provide any additional comment. If the lock is unlocked, the machine is affected by the security flaw.

The only way an attacker could exploit this bug is if the macOS owner left his Mac unlocked and then left his desk.

This is a developing story.

Some users are reporting that you can change your root password to fix the issue, but Apple has not issued official guidance yet. Then, click the "Join" button beside "Network Account Server" and a new panel will pop up. After signing in as a guest, it was possible to change security settings and install apps and software updates from the Mac App Store, just by typing the user name "root". Then from the menu bar at the top of the screen, click on the "Edit" menu and choose "Enable Root User".

You can patch this problem right now by creating a root account manually and giving it a secure password.
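A read-only way to see whether the root account is currently enabled, as an added example that is not part of the original article. The `dscl` output formats it matches on are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example: read-only check of the local root account state on macOS.
# Assumed dscl output (not shown on the page): a disabled root account has
# "Password: *" and no AuthenticationAuthority attribute; an enabled one has
# a ";ShadowHash;" AuthenticationAuthority entry.

# classify_root AUTH PW -> prints enabled | disabled | unknown
#   AUTH: output of `dscl . -read /Users/root AuthenticationAuthority`
#   PW:   output of `dscl . -read /Users/root Password`
classify_root() {
    case "$1" in
        *";ShadowHash;"*) echo enabled; return 0 ;;
    esac
    case "$2" in
        "Password: *") echo disabled ;;
        *)             echo unknown ;;
    esac
}

# advise STATE -> one line of guidance matching the article's workaround
advise() {
    case "$1" in
        enabled)  echo "root is enabled: if you did not enable it, set a strong root password now" ;;
        disabled) echo "root is disabled: enable it and set a strong password as the workaround" ;;
        *)        echo "could not determine root state: inspect /Users/root manually" ;;
    esac
}

# Query the live directory only where dscl exists (macOS); both reads are
# non-modifying and do not attempt any authentication.
if command -v dscl >/dev/null 2>&1; then
    auth=$(dscl . -read /Users/root AuthenticationAuthority 2>&1 || true)
    pw=$(dscl . -read /Users/root Password 2>&1 || true)
    state=$(classify_root "$auth" "$pw")
    echo "root account: $state"
    advise "$state"
fi
```

The check cannot tell whether an enabled root account has a blank password, so an unexpected "enabled" result should be followed by setting a new root password.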

Currently, there is no official fix from Apple regarding the issue.
