Major macOS High Sierra Security Vulnerability Allows Full Admin Access Without Password, So Here Is A Fix For It

There is a serious bug discovered in macOS High Sierra that someone with physical access to a macOS machine can access and change persona...

There is a serious bug discovered in macOS High Sierra that someone with physical access to a macOS machine can access and change personal files on the system without needing any admin credentials. The bug, found by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. 


This security vulnerability works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login screen of a locked Mac. Which means Users who haven’t disabled guest user account access or changed their root passwords (likely most) are currently open to this vulnerability.

The first step to fixed the bug is disabling guest account access. This can make it more difficult for an attacker to jump in and change system settings. After you disabled guest access, the next step is to changing the system’s root password. This can put a stop to the vulnerability altogether. Here’s how!
  1. Go to System Preferences, then click Users & Groups (or Accounts).
  2. Click the lock icon, then enter an administrator name and password.
  3. Then Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click the lock icon in the Directory Utility window, then enter an administrator name and password
  7. Choose Edit > Enable Root User, then enter the password that you want to use for the root user.

It appears that this bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It's not clear how such a significant bug got past Apple, but it's likely this is something that the company will immediately address.

Update:

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Via MacRumors And 9to5Mac, Image Credit MR And 9to5Mac

COMMENTS

الاسم

(Product)RED,2,#Accessory,2,#App Store,1,#Apple,2,#Apple Music,3,#Apple Park,4,#Apple Pay,4,#Apple Security,3,#Apple Watch,10,#Battery,5,#Bug,1,#CarPlay,2,#Cydia,1,#Face ID,1,#Facebook,1,#FM,1,#Games,2,#HomeKit,2,#HomePod,14,#HowTo,5,#iMac,2,#iMac Pro,3,#Intel,2,#iOS,2,#iOS 11,5,#iOS 11.3,6,#iOS 11.4,1,#iOS 12,2,#iPad,2,#iPhone,21,#iPhone 8,1,#iPhone SE,3,#iPhone SE 2,9,#iPhone X,11,#iPhone X Plus,3,#Jailbreak,13,#Lawsuit,1,#Mac,3,#Mac Pro,2,#MacBook,5,#macOS,10,#MFi,1,#Microsoft,1,#OnePlus,1,#Original Content,2,#Patent,3,#Samsung,1,#Self-Driving,2,#Siri,4,#Tim Cook,1,#Touch ID,2,#TSMC,1,#TV,2,#Wallpaper,1,#watchOS,2,#WWDC,3,3D Touch,2,4G,1,5G,21,A,1,A11,2,A12,9,A13,3,A14,5,A14. iPhone 2020,1,A16,1,AAPL,18,ABC News,1,Accessibility,1,Accessories,87,Accessory,3,Activity,1,Ad,6,Adobe,4,Ads,3,AI,1,Airbnb,1,AirDrop,1,AirPlay,3,AirPlay 2,2,AirPod,2,AirPod Pro,1,AirPods,51,AirPods 2,5,AirPods 3,6,AirPods Pro,14,AirPods Studio,4,AirPort,4,AirPower,26,AirTag,4,AirTags,9,Amazon,11,AMD,2,Android,19,Antitrust,1,App,46,App Store,36,Apple,1950,Apple Arcade,11,Apple Books,1,Apple Camp,1,Apple Car,3,Apple Card,25,Apple Design Awards,2,Apple Event,34,Apple Events,3,Apple Glasses,3,Apple ID,4,Apple Intelligence,1,Apple Map,2,Apple Maps,11,Apple Music,43,Apple News,3,Apple News+,6,Apple One,3,Apple Park,9,Apple Pay,30,Apple Pay Cash,3,Apple Pencil,7,Apple Retail,12,Apple Security,20,Apple Store,56,Apple TV,36,Apple TV+,33,Apple Wacth,1,Apple Watch,157,Apple Watch 6,7,Apple Watch SE,1,Apple Watch Series 7,1,Apple. Chip,1,AppleCare+,1,Applle,1,Apps,2,AR,16,AR Glasses,13,ARM,18,Bands,4,Battery,33,Beats,11,Beddit,1,Best Buy,1,Beta,31,Bill Gates,1,Black Friday,2,Bloomberg,2,Boot Camp,1,Bose,1,Bug,18,Cable,4,Camera,12,Campis,1,Campus,1,Car,3,CarKey,1,CarPlay,7,Carpool Karaoke,3,Cases,1,CCC,1,CES,4,Charger,5,China,18,Chip,3,Chrome,2,Coding,1,Concept,8,Consumer Reports,1,Coronavirus,45,CPU,1,Credit Card,1,Cydia,1,Dark Sky,2,Deals,8,Developer,7,Dialog,1,Display,2,Dongles,2,Earnings,20,EarPods,1,Economy,2,Edge,1,Education,5,Emoji,11,Environment,8,eSIM,1,EU,3,EU. News,1,Event,7,Events,4,Exploit,1,Face ID,20,Facebook,1,FaceTime,4,FBI,2,FCC,4,featured,12,Final Cut Pro,3,Firefox,1,Fitbit,1,FM,2,Foldable,1,Foldable iPhone,6,Fortnite,4,Forum,1,Foxconn,5,France,2,Galaxy S9,1,Game,3,Games,6,gaming,7,Geekbench,2,Germany,1,Gift,1,Gift Card,1,Google,31,Hack,7,Haptic Touch,2,Headphones,9,Health,32,HomeKit,10,HomePod,45,HowTo,78,Huawei,5,iCloud,13,iFixit,11,iMac,12,iMac Pro,3,iMessage,2,India,13,Intel,15,iOS,141,iOS 10,1,iOS 11,13,iOS 11.3,2,iOS 11.4,2,iOS 12,93,iOS 12.1,3,iOS 12.4,1,iOS 13,72,iOS 13.1,8,iOS 13.1.1,1,iOS 13.1.2,1,iOS 13.1.3,1,iOS 13.2,6,iOS 13.2.2,3,iOS 13.2.3,1,iOS 13.3,12,iOS 13.3.1,6,iOS 13.4,9,iOS 13.4.5,3,iOS 13.5,8,iOS 13.5.5,1,iOS 13.6,4,iOS 13.6.1,1,iOS 13.7,2,iOS 14,48,iOS 14.0.1,1,iOS 14.1,1,iOS 14.2,4,iOS 14.2.1,1,iOS 14.3,2,iOS 14.4,3,iOS 14.4.1,1,iOS 14.5,3,iOS 15,2,iOS 16,1,iOS 16.4,1,iOS 18,1,iOS 9,1,iOS beta,3,iOS11,32,iOS12,2,iPad,97,iPad 8,1,iPad Air,8,iPad Mini,2,iPad Pro,65,iPadOS,17,iPhone,250,iPhone 11,31,iPhone 11 Pro,13,iPhone 11 Pro Max,9,iPhone 12,15,iPhone 12 mini,2,iPhone 12 Pro,6,iPhone 13,3,iPhone 13 Pro,1,iPhone 14 Pro,1,iPhone 16,1,iPhone 20020,1,iPhone 2018,34,iPhone 2019,51,iPhone 2020,97,iPhone 2021,10,iPhone 2022,3,iPhone 2023,1,iPhone 3GS,1,iPhone 8,4,iPhone 8 Plus,1,iPhone 9,11,iPhone OS,1,iPhone SE,3,iPhone SE 2,26,iPhone SE 3,1,iPhone X,89,iPhone X Plus,1,iPhone XE,1,iPhone XR,32,iPhone XS,37,iPhone XS Max,4,iPhone2018,5,iPhones,3,iPhoneSE2,1,iPhoneX,1,iPod,6,iPod touch,8,iTunes,12,iWork,1,Jailbreak,25,Jony Ive,6,KaiOS,1,Keyboard,8,KGI,11,Kuo,40,Laptop,3,Lawsuit,11,LCD,1,Leadership,1,Leak,15,LG,9,Live Radio,1,Logic Pro X,3,Logo,2,Luna Display,1,M1,3,Mac,92,Mac App Store,1,Mac Mini,5,Mac OS 8.1,1,Mac Pro,18,MacBook,53,MacBook Air,21,MacBook Pro,69,macOS,77,macOS 10.14,33,macOS 10.15,38,macOS 10.16,1,macOS 11,12,macOS Big Sur,8,macOS Catalina,14,Magic Keyboard,2,Maps,2,Market,1,Media,1,Micro-LED,1,Microsoft,13,Mini-LED,7,Mother’s Day,1,MR,1,Music,1,Netflix,2,News,754,Newsm,1,NFC,1,Nike,2,Nomad,1,Notch,1,Nvidia,1,Office,1,OLED,7,Original Content,18,OS X,1,P30,1,Pangu,1,Patent,36,Patents,4,PC,2,Pixel,4,Pixel Slate,2,Podcast,3,Powerbeats,10,Privacy,19,Pro Display XDR,4,Project Titan,2,ProRes Raw,1,Qualcomm,12,RAM,3,Refurbished,5,Render,1,Repair,3,Reports,3,Retail,2,Review,2,Roku,1,Rumors,19,Safari,6,Samsung,31,SECURITY,25,Self-Driving,3,Services,6,Shazam,4,Shopping,1,Shortcuts,3,Singapore,1,Siri,22,Smartphones,7,Software,4,Spotify,8,Sprint,2,Steve Jobs,6,Stock,26,Subscription,6,Supply Chain,1,Support,27,Swift,1,T-Mobile,3,Tablet,1,TANT,2,TeamViewer,1,Technology,1,Tesla,2,TestFlight,1,Texture,2,TikTok,2,Tim Cook,39,Touch Bar,2,Touch ID,7,Tracker,2,Trade-In,1,Trump,6,TSMC,13,TV,4,TV+,2,tvOS,43,tvOS 12,23,tvOS 13,36,tvOS 13.2,1,tvOS 14,19,tvOS12,2,Twitter,2,UK,1,US,1,USB-C,3,VBucks,1,Verizon,1,Verzion,1,Video,1,VirnetX,1,Vision Pro,1,VR,4,Wallpaper,17,watchOS,53,watchOS 5,25,watchOS 6,39,watchOS 7,27,watchOS 8,1,Webcam,1,WiFi,1,Windows,4,Wireless Charging,16,WWDC,35,Xcode,3,Xiaomi,1,YouTube,3,
rtl
item
Loveios: Major macOS High Sierra Security Vulnerability Allows Full Admin Access Without Password, So Here Is A Fix For It
Major macOS High Sierra Security Vulnerability Allows Full Admin Access Without Password, So Here Is A Fix For It
https://cdn.macrumors.com/article-new/2017/11/rootbug-800x583.jpg
Loveios
https://www.loveios.net/2017/11/major-macos-high-sierra-security.html?hl=ar
https://www.loveios.net/?hl=ar
https://www.loveios.net/
https://www.loveios.net/2017/11/major-macos-high-sierra-security.html
true
1784436446950495761
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content