Fix for Apple's MacOS root password flaw is here

30 November, 2017, 12:41 | Author: Devin Moran

Apple's latest MacOS High Sierra operating system has a very serious flaw that can allow anyone with access to a Mac to gain root access by simply typing "root" as the username. "This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter".

Apple's official policy of saying nothing about security issues until a fix is out meant that there wasn't much to go on once the news broke, except to assume that Apple's programmers were frantically coding up a fix...

But it turns out that the problem was highlighted in Apple's developer forums two weeks ago. When prompted for a username and password, type "root" as the username and leave the password empty. Apparently, this also works on FileVault in MacOS, which makes this bug quite devastating.

At many companies, reusing the same local admin password for every endpoint, and rarely, if ever, changing it, continues to be common practice. The flaw can also be exploited at the login screen of a locked Mac, even after a reboot, if the bug has been used before, and in some cases remotely, if a user has screen sharing enabled.

Security experts warned that the security hole was both embarrassing for the company and unsafe, allowing anyone with physical access - and in some instances remote access - to a Mac computer to gain full access to user data.

Developer Lemi Orhan Ergin publicly informed Apple about the security issue via Twitter on November 28, and was criticized by some for doing so out of fear that the bug would be more widely exploited.

Apple customers have found a login error in the High Sierra operating system that lets you log in to the system without a password, putting the user's data and information at risk. This simple action gives complete superuser access rights to the system, exposing all user data.

The security flaw was discovered by Lemi Ergin, a Turkish software developer.

The vulnerability was publicly revealed on Twitter earlier, but it's unknown whether or not Apple was alerted to it beforehand.

The flaw has since been closed by Apple with an update released Wednesday morning.


