This macOS High Sierra Bug Lets Anyone Log In to a Mac

"We are working on a software update to address this issue", Apple said.

To gain root access to a computer running the affected software, all that is necessary is to log on to the computer using the username "root", leave the password field empty, and then press "enter" several times.

The security update - which Apple advises should be installed "as soon as possible" - is being pushed out via the Mac App Store. Taking advantage of the bug from there requires the user to click "other" and then enter the same "root" username with no password.

Just yesterday, we reported a serious bug in macOS High Sierra that enabled the root "superuser" on a Mac with a blank password and no security check.

Turkish software developer Lemi Orhan Ergin tweeted the tech giant to say he had discovered the bug.

To change the root user password, click on the Apple menu icon, then System Preferences, and click Users & Groups (or Accounts).

Apple has responded to the reports and assures a software fix is on its way.

Everyone with a Mac needs to set a root password NOW.

Apple has indicated it is working on an emergency patch, but has advised users in the meantime to set a root password.
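An added example, not from the original article or from Apple: a small audit script an administrator could run to see whether the root account is currently enabled before setting its password. It assumes that `dscl . -read /Users/root Password` prints `Password: *` for a disabled root account and a masked value for an enabled one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the root account's state from `dscl` output.
# Assumption: a disabled root account shows "Password: *" in its local
# directory record, and an enabled one shows a masked value instead.

# root_state TEXT -> prints disabled | enabled | unknown
root_state() {
    # Take the value of the first "Password:" line and trim whitespace.
    value=$(printf '%s\n' "$1" \
        | awk -F': *' '/^Password:/ {print $2; exit}' \
        | tr -d '[:space:]')
    case "$value" in
        '*') echo disabled ;;   # literal asterisk: no usable password set
        '')  echo unknown ;;    # attribute missing or record unreadable
        *)   echo enabled ;;    # masked value: a password hash exists
    esac
}

# advice STATE -> prints one line of remediation guidance
advice() {
    case "$1" in
        disabled) echo "root is disabled: set a root password with 'sudo passwd root' and install the update" ;;
        enabled)  echo "root is enabled: reset its password with 'sudo passwd root' so it is not blank, and install the update" ;;
        *)        echo "could not read the root record: check it manually in Users & Groups" ;;
    esac
}

# On a Mac, read the live record. On other systems the functions can be
# fed saved dscl output collected from the machines being audited.
if command -v dscl >/dev/null 2>&1; then
    record=$(dscl . -read /Users/root Password 2>/dev/null)
    state=$(root_state "$record")
    echo "root account: $state"
    advice "$state"
fi
```

The script only reads the directory record; it never attempts a login as root.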

Even though you couldn't exploit this hole remotely, at least by default, it was an astonishing lapse by Apple.

Ironically, the support forum thread, a community discussion that seems to have gone unnoticed by Apple itself, was about losing administrator access after updating to High Sierra - and this very bug was presented as a handy hack to restore things to normal. "This is really REALLY bad".

The company admitted it "stumbled" with the latest release of macOS. In fairness to Apple, it's the simple kind of error that even security testers might skip checking, because no one expects an error this obvious to get made in the first place.

In the case of a fix for this latest vulnerability, "I would imagine [Apple] will be pushing it out as a high priority", Cluley said.

The flaw has since been closed by Apple with an update released Wednesday morning.
