Apple macOS High Sierra has a huge security vulnerability
Well this isn't good. A bug in Apple macOS High Sierra can let anyone gain admin access to a Mac. To make matters worse, once that access has been gained, an attacker can later log back into the locked device anytime.
Published to Twitter on Tuesday by software engineer Lemi Orhan Ergin, the vulnerability is alarmingly straightforward. The flaw allows someone to create a kind of phantom profile, one that can log into the Mac with admin access, but it won't show up on a real admin account.
Once the phantom account is created, a user simply needs to enter "root" as a username and, without entering a password, hit enter to unlock. Importantly, the hacker first has to have access to an unlocked computer to be able to pull this off. But still, it's bad.
Mashable confirmed this security flaw exists on macOS High Sierra 10.13.0.
Anyone looking to exploit the flaw would in most cases first need physical access to the machine while an admin is logged in. They would only need access for a few seconds, though, and then could return anytime to log in as an admin.
However, should a vulnerable machine also happen to have screen sharing turned on, it is reportedly remotely vulnerable as well.
"We are working on a software update to address this issue," explained Apple when reached for comment. "In the meantime, setting a root password prevents unauthorized access to your Mac."
Instructions to do so can be found on an Apple support page.
This story has been updated with information about remote exploitation, as well as a statement from Apple.