Horrifying macOS Bug Lets Anyone Become Admin With No Password

Share

Naturally though, this is serious enough that Apple is likely working on getting a patch out as you're reading this.

Ben Johnson, the chief technology officer of Obsidian Security and a former U.S. National Security Agency computer scientist, described the flaw to IBT as "a hacker's dream".

Choose Edit Enable Root User, then enter the password that you want to use for the root user.

Many people have confirmed Ergin's discovery, and if you're running High Sierra, you can check it yourself. Then from the menu bar at the top of the screen, click on the "Edit" menu and choose "Enable Root User". You really shouldn't leave your Mac unattended at all until Apple fixes this, and you should shut off guest access for your device. "We'll meet up with you there". They could reset or change passwords, delete or add users and Apple IDs linked to the machine, and dip into other accounts on the system - essentially, they would get unfettered access to all the data that lives on the computer. Try this 1-3 times and voila-It will accept and boom, full system access.

Robots are the next step in using technology to explore sexuality.

Gas prices have fallen 40 cents in the last three weeks
The switch to winter-blend fuels, which are cheaper to produce, usually have some effect on Idaho prices by now. In Kansas, only three percent of gas stations are now selling regular unleaded gasoline for $2.51 or more.

That's not all. If your Mac displays the name and password fields on the login window, instead of a list of users, you can also log into the entire Mac as root, without a password. One Twitter user confirmed that the vulnerability works over a piece of software called VNC, or even through Apple's own Remote Desktop software.

To protect your computer, you'll need to create a root password.

Apple's official word on the situation is that they're now working on a software update to "address this issue".

The vulnerability does not always work on the first attempt, but simply continuing to click the "Unlock" button with "root" entered as the username and no password provided will eventually unlock the machine.

Share