Page 1 of 1
Anyone can unlock your Mac by typing "root"
Posted: Tue Nov 28, 2017 5:09 pm
by ttf_robcat2075
Unbelievable oversight or most unhidden backdoor ever?
Anyone Can Hack MacOS High Sierra Just by Typing "Root"
QuoteAnyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users, they can simply type "root" as a username, leave the password field blank, click "unlock" twice, and immediately gain full access.
In other words, the bug allows any rogue user that gets the slightest foothold on a target computer to gain the deepest level of access to a computer, known as "root" privileges.
Quote...howeverand other researchers confirmthat it's possible to block the attack by either setting a password for the root user, or disabling root access altogether. If you've installed High Sierra and haven't set a root password or disabled root access, you should do it now.
Anyone can unlock your Mac by typing "root"
Posted: Tue Nov 28, 2017 10:30 pm
by ttf_Matt K
Interesting. Mac is an UNIX and that's *sort of* the standard for other UNIX machines. Except when you setup those operating systems, normally you are required to set a password for root and cannot continue unless you set one or go through a mildly tedious process to disable the password. I've never even tried to not set a root password on any machine I've setup but I imagine if you went through the process, you'd end up with a 'null' password, and have the same 'bug' even though it is technically intended in that circumstance.
Anyone can unlock your Mac by typing "root"
Posted: Thu Nov 30, 2017 2:38 pm
by ttf_anonymous
It's already patched.
Anyone can unlock your Mac by typing "root"
Posted: Sat Dec 02, 2017 5:49 pm
by ttf_M.R.Tenor
Quote from: RabidDolphin on Nov 30, 2017, 02:38PMIt's already patched.
If everyone's done the updates...
Anyone can unlock your Mac by typing "root"
Posted: Sun Dec 03, 2017 6:16 am
by ttf_Todd Jonz
sudo passwd root
Anyone can unlock your Mac by typing "root"
Posted: Sun Dec 03, 2017 10:08 pm
by ttf_SilverBone
Quote from: Todd Jonz on Dec 03, 2017, 06:16AMsudo passwd root
Nooooooooooooo.............
sudo is supposed to be a secret reserved for computer high priests.
Anyone can unlock your Mac by typing "root"
Posted: Mon Dec 04, 2017 7:59 am
by ttf_Todd Jonz
robcat2075 writes:
> Unbelievable oversight or most unhidden backdoor ever?
Apple reached new heights of sheer sloppiness last week. I suspect there were some personnel changes in Apple's release management group. Let's review:
1. A bad macOS release goes out allowing anyone to login as root without a password.
2. Apple releases a patch without adequate testing and unwisely decides to have Software Update install it on customer devices without user intervention. The patch fixes the root login problem but breaks File Sharing. Apple develops and releases yet another patch.
3. A crash loop reported by numerous iOS 11.1.x users does not appear to affect 11.2 beta testers, so Apple decides to rush 12.2 out the door. The release notes announce the availability of Apple Pay Cash (person-to-person transfers) but it doesn't work because the backend won't be turned on for another week.
Anyone can unlock your Mac by typing "root"
Posted: Mon Dec 04, 2017 8:04 am
by ttf_BGuttman
Wonder if this applies to Linux as well...
Anyone can unlock your Mac by typing "root"
Posted: Mon Dec 04, 2017 8:30 am
by ttf_Todd Jonz
Bruce writes:
> Wonder if this applies to Linux as well.
No.
Anyone can unlock your Mac by typing "root"
Posted: Thu Jan 25, 2018 4:41 am
by ttf_Driswood
Another reason for me to stay with El Capitan.
Jerry Walker
Anyone can unlock your Mac by typing "root"
Posted: Thu Jan 25, 2018 4:41 am
by ttf_Driswood
Another reason for me to stay with El Capitan.
Jerry Walker