Skip to main content

macOS High Sierra Bug Lets Anyone Gain Root Access Without a Password


If you own a Mac computer and run the latest version of Apple's operating system, macOS High Sierra, then you need to be extra careful with your computer.

A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk.

Discovered by developer Lemi Orhan Ergin on Tuesday, the vulnerability only requires anyone with physical access to the target macOS machine to enter "root" into the username field, leave the password blank, and hit the Enter a few times—and Voila!

In simple words, the flaw allows an unauthorized user that gets physical access on a target computer to immediately gain the highest level of access to the computer, known as "root," without actually typing any password.

Needless to say, this blindingly easy Mac exploit really scary stuff.

This vulnerability is similar to one Apple patched last month, which affected encrypted volumes using APFS wherein the password hint section was showing the actual password of the user in the plain text.


YOU MAY ALSO LIKE :



Here's How to Login as Root User Without a Password


If you own a Mac and want to try this exploit, follow these steps from admin or guest account:


  • Open System Preferences on the machine.
  • Select Users & Groups.
  • Click the lock icon to make changes.
  • Enter "root" in the username field of a login window.
  • Move the cursor into the Password field and hit enter button there few times, leaving it blank.


With that (after a few tries in some cases) macOS High Sierra logs the unauthorized user in with root privileges, allowing the user to access your Mac as a "superuser" with permission to read and write to system files, including those in other macOS accounts as well.

This flaw can be exploited in several ways, depending on the setup of the targeted Mac. With full-disk encryption disabled, a rogue user can turn on a Mac that's entirely powered down and log in as root by doing the same trick.

At Mac's login screen, an untrusted user can also use the root trick to gain access to a Mac that has FileVault turned on to make unauthorized changes to the Mac System Preferences, like disabling FileVault.

All the untrusted user needs to do is click "Other" at the login screen, and then enter "root" again with no password.

However, it is impossible to exploit this vulnerability when a Mac machine is turned on, and the screen is protected with a password.

Ergin publicly contacted Apple Support to ask about the issue he discovered. Apple is reportedly working on a fix.
"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."

Here's How to Temporarily Fix the macOS High Sierra Bug


Fortunately, the developer suggested a temporary fix for this issue which is as easy as its exploit.

To fix the vulnerability, you need to enable the root user with a password. Heres how to do that:

  • Open System Preferences and Select Users & Groups
  • Click on the lock icon and Enter your administrator name and password there
  • Click on "Login Options" and select "Join" at the bottom of the screen
  • Select "Open Directory Utility"
  • Click on the lock icon to make changes and type your username and password there
  • Click "Edit" at the top of the menu bar
  • Select "Enable Root User" and set a password for the root user account

This password will prevent the account from being accessed with a blank password.

Just to be on the safer side, you can also disable Guest accounts on your Mac. for this, head on to System Preferences → Users & Groups, select Guest User after entering your admin password, and disable "Allow guests to log in to this computer."


YOU MAY ALSO LIKE :


Comments

Popular posts from this blog

DJI Spark vs. Parrot Bebop 2 Which One Is The Best

It's a Parrot vs DJI drone showdown Earlier this year, DJI announced it would be taking on the entry-level, selfie drone market with its  Spark . Along with challengers like the  Yuneec Breeze , the smallest DJI quadcopter is priced within touching distance of the bigger  Parrot Bebop 2 . How do they compare? Weight The Bebop is significantly heavier than the Spark, but that extra weight is an advantage in some ways. More on that in a minute. Battery Parrot has slotted a big battery into the Bebop 2 – the original Bebop had an 1100 mAh unit, compared to the 2700 mAh pack in the latest Bebop 2. That translates to a healthy flight time, too. Flight Time Parrot has a massive advantage over DJI when it comes to flight time. The bigger battery in the Bebop affords it a healthy 25 minute flight time, compared to 16 minutes for the Spark. The heavier Parrot drone is also likely to stand up better to buffeting in high winds. Range Both d...

Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser. The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities. According to a security  advisory  published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution’ flaw that originates due to 'insufficient sanitization' of HTML fragments in  chrome-privileged  documents (browser UI). Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or ' opening a file that submits malicious input to the affected software .' "A successful exploit could allow the a...

Amazon, Reddit And Others Fail To Warn Us About Dumb Passwords

B elieve it or not, there is still a large number of people who use passwords such as “password,” “password123”, “[dog’s name]1” and others along the same lines. And in the era of sophisticated hacking, these passwords are not exactly “safe.” Before me, this is the first thing websites should inform you while setting up a password. But apparently, many big names are not doing enough to encourage non-terrible passwords, according to  the new research . Steve Furnell from the University of Plymouth has been keeping tabs on the websites like Amazon, Reddit, and Wikipedia for many years, carrying out similar assessments in 2007, 2011 and 2014. His 2018 survey examined practices of Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live, and Netflix. The study concluded that Amazon had the worst performance among all the names. It nearly accepted every kind of password of any length. On the other hand, Yahoo and Wikip...