Skip to main content

macOS High Sierra Bug Lets Anyone Gain Root Access Without a Password


If you own a Mac computer and run the latest version of Apple's operating system, macOS High Sierra, then you need to be extra careful with your computer.

A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk.

Discovered by developer Lemi Orhan Ergin on Tuesday, the vulnerability only requires anyone with physical access to the target macOS machine to enter "root" into the username field, leave the password blank, and hit the Enter a few times—and Voila!

In simple words, the flaw allows an unauthorized user that gets physical access on a target computer to immediately gain the highest level of access to the computer, known as "root," without actually typing any password.

Needless to say, this blindingly easy Mac exploit really scary stuff.

This vulnerability is similar to one Apple patched last month, which affected encrypted volumes using APFS wherein the password hint section was showing the actual password of the user in the plain text.


YOU MAY ALSO LIKE :


Here's How to Login as Root User Without a Password


If you own a Mac and want to try this exploit, follow these steps from admin or guest account:


  • Open System Preferences on the machine.
  • Select Users & Groups.
  • Click the lock icon to make changes.
  • Enter "root" in the username field of a login window.
  • Move the cursor into the Password field and hit enter button there few times, leaving it blank.


With that (after a few tries in some cases) macOS High Sierra logs the unauthorized user in with root privileges, allowing the user to access your Mac as a "superuser" with permission to read and write to system files, including those in other macOS accounts as well.

This flaw can be exploited in several ways, depending on the setup of the targeted Mac. With full-disk encryption disabled, a rogue user can turn on a Mac that's entirely powered down and log in as root by doing the same trick.

At Mac's login screen, an untrusted user can also use the root trick to gain access to a Mac that has FileVault turned on to make unauthorized changes to the Mac System Preferences, like disabling FileVault.

All the untrusted user needs to do is click "Other" at the login screen, and then enter "root" again with no password.

However, it is impossible to exploit this vulnerability when a Mac machine is turned on, and the screen is protected with a password.

Ergin publicly contacted Apple Support to ask about the issue he discovered. Apple is reportedly working on a fix.
"We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."

Here's How to Temporarily Fix the macOS High Sierra Bug


Fortunately, the developer suggested a temporary fix for this issue which is as easy as its exploit.

To fix the vulnerability, you need to enable the root user with a password. Heres how to do that:

  • Open System Preferences and Select Users & Groups
  • Click on the lock icon and Enter your administrator name and password there
  • Click on "Login Options" and select "Join" at the bottom of the screen
  • Select "Open Directory Utility"
  • Click on the lock icon to make changes and type your username and password there
  • Click "Edit" at the top of the menu bar
  • Select "Enable Root User" and set a password for the root user account

This password will prevent the account from being accessed with a blank password.

Just to be on the safer side, you can also disable Guest accounts on your Mac. for this, head on to System Preferences → Users & Groups, select Guest User after entering your admin password, and disable "Allow guests to log in to this computer."


YOU MAY ALSO LIKE :


Labels:
Location: United States

Comments

Post a Comment

Popular posts from this blog

DJI Spark vs. Parrot Bebop 2 Which One Is The Best

It's a Parrot vs DJI drone showdown Earlier this year, DJI announced it would be taking on the entry-level, selfie drone market with its  Spark . Along with challengers like the  Yuneec Breeze , the smallest DJI quadcopter is priced within touching distance of the bigger  Parrot Bebop 2 . How do they compare? Weight The Bebop is significantly heavier than the Spark, but that extra weight is an advantage in some ways. More on that in a minute. Battery Parrot has slotted a big battery into the Bebop 2 – the original Bebop had an 1100 mAh unit, compared to the 2700 mAh pack in the latest Bebop 2. That translates to a healthy flight time, too. Flight Time Parrot has a massive advantage over DJI when it comes to flight time. The bigger battery in the Bebop affords it a healthy 25 minute flight time, compared to 16 minutes for the Spark. The heavier Parrot drone is also likely to stand up better to buffeting in high winds. Range Both d...
Post a Comment
Read more

Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser. The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities. According to a security  advisory  published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution’ flaw that originates due to 'insufficient sanitization' of HTML fragments in  chrome-privileged  documents (browser UI). Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or ' opening a file that submits malicious input to the affected software .' "A successful exploit could allow the a...
Post a Comment
Read more

8 Best Facebook Alternatives With Focus On Privacy For 2018

If you try to keep yourself updated with the latest developments in the technology and security world, you must be knowing about the recent Facebook-CA scandal. While most of us knew about Facebook’s relentless data collection practices, this revelation has forced many of us to raise questions and look for Facebook alternatives. Some are even looking for ways to permanently delete their Facebook account. There are many social networks, messaging apps, and news aggregation sites that you can get as a replacement of Facebook. So, let’s tell you about them in brief: Top 8 alternatives to Facebook’s website and app 1.  Vero The subscriber usage data is the bread and butter of social networks like Facebook. Vero is an option in this case as it’s based on the subscription model; so, it doesn’t show ads and collect data for the same. This fast-growing social media alternative is only app-based. They do collect your usage stats but make it av...
Post a Comment
Read more