Welcome to WebmasterWorld Guest from 54.163.210.170

Forum Moderators: travelin cat

Featured Home Page Discussion

Apple flaw allows MacOS High Sierra logins without passwords

     
9:42 pm on Nov 28, 2017 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 28, 2004
posts: 3245
votes: 13


The latest version of Apple’s software has a glaring hole in it: you can login with just the username "root."
[cnet.com...]
10:07 pm on Nov 28, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1584
votes: 223


Just tried it on my Macbook. Wow.
7:25 pm on Nov 29, 2017 (gmt 0)

Full Member from US 

10+ Year Member

joined:May 16, 2006
posts: 289
votes: 1


A software update is available now.
12:52 pm on Nov 30, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24819
votes: 624


It seems Apple will automatically install the fix on all systems running the latest version (10.13.1) of MacOS High Sierra at some point today.
2:44 pm on Nov 30, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11121
votes: 111


There is a temporary work around that involves enabling the root user and setting a password.
[support.apple.com...]

I haven't found anything that states whether or not this exploit actually provides root access to this username while the root user is disabled or if it is essentially a guest user.
6:55 pm on Nov 30, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24819
votes: 624


I also found this
Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1

[support.apple.com...]
6:46 pm on Dec 1, 2017 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2715
votes: 102


@phranque, this article: [theregister.co.uk...]

says that it does provide root access
11:27 pm on Dec 1, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11121
votes: 111


thanks, graeme_p!
that's a good article...
11:37 pm on Dec 1, 2017 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 28, 2004
posts: 3245
votes: 13


Ruh roh:
"Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update. "
[wired.com...]
7:32 pm on Dec 2, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 4, 2002
posts: 1840
votes: 3


I'm sure glad I didn't update to High Sierra yet. I had (and still have) a lot of bugs just upgrading to Sierra.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members