Apple macOS High Sierra has a huge security vulnerability
Well, this isn't good. A bug in Apple macOS High Sierra can let anyone gain admin access to a Mac. To make matters worse, once that access has been gained, an attacker can later log back into the locked device anytime.
Published to Twitter on Tuesday by software engineer Lemi Orhan Ergin, the vulnerability is alarmingly straightforward. The flaw allows someone to create a kind of phantom profile, one that can log into the Mac with admin access, but it won't show up on a real admin account.
Once the phantom account is created, a user simply needs to enter "root" as a username and, without entering a password, hit enter to unlock. Importantly, the hacker first has to have access to an unlocked computer to be able to pull this off. But still, it's bad.
Mashable confirmed this security flaw exists on macOS High Sierra 10.13.0.
Anyone looking to exploit the flaw would in most cases first need physical access to the machine while an admin is logged in. They would only need access for a few seconds, though, and then could return anytime to log in as an admin.
However, should a vulnerable machine also happen to have screen sharing turned on, it is reportedly remotely vulnerable as well.
"We are working on a software update to address this issue," explained Apple when reached for comment. "In the meantime, setting a root password prevents unauthorized access to your Mac."
Instructions to do so can be found on an Apple support page.
This story has been updated with information about remote exploitation, as well as a statement from Apple.