MacOS High Sierra 'root' security flaw: How to protect your Mac against the 'hack'
Security researchers publicly exposed the critical Apple flaw on Twitter.
A major security flaw was uncovered in Apple's MacOS High Sierra, the tech giant's latest software for Macs, which allows anyone to get admin access without any real hacking. The flaw allows anyone admin access without a password. The flaw was publicly exposed by security researchers on Twitter, which will likely induce Apple to push out a quick fix.
While attempting to log in, all one has to do is type "root" as the username, leaving the password field blank and click on the "unlock" button twice to immediately gain complete access to the computer.
"We always see malware trying to escalate privileges and get root access," Patrick Wardle, a security researcher with Synack, told Wired. "This is the best, easiest way ever to get root, and Apple has handed it to them on a silver platter."
Wardle took to Twitter to report that the attack could also work remotely, if certain sharing services were enabled on a targeted Mac.
The Apple root flaw was first revealed on Twitter by Turkish software developer Lemi Orhan Ergin. The researcher told Wired that his company's staff uncovered the issue while attempting to help a user gain back access to their account. "They informed me and I tried on my machine too. And I saw the security issue with my eyes. That was scary," Ergin reportedly said.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
The Verge reported that the flaw could allow anyone the ability to view all files and even reset users' systems as well as their Apple ID usernames and passwords. The bug could potentially allow malicious hackers a variety of leverages to conduct intrusive attacks.
If certain sharing services enabled on target - this attack appears to work 💯 remote ðŸ™ˆðŸ’€â˜ ï¸ (the login attempt enables/creates the root account with blank pw) Oh Apple ðŸŽðŸ˜·ðŸ¤’🤕 pic.twitter.com/lbhzWZLk4v
— patrick wardle (@patrickwardle) November 28, 2017
How to stay safe
Apple has reportedly confirmed the security flaw. The Verge reported that the tech giant said that it is working on the issue. Meanwhile, Apple has published a step-by-step guide on how users can protect themselves from the bug.
According to Apple's guidelines, the simplest way to avoid any potential attacks via the flaw is to set a root password. You can do this by clicking on System Preferences on the Apple menu, then clicking on Users & Groups (or Accounts). The next step is to click on Login Options, then click on Join (or Edit). Once that is done, click on Open Directory Utility and enter a username and password. Next, to enable the Root User (if you have not done that already), click on the menu bar within the Directory Utility window and then choose Change Root Password. You can also choose Disable Root User.
-
Football Clubs With The Most Arrests And Bans in 2022-23
-
Oil Prices Slip As Investors Eye Israel's Response To Iran Strike
-
Billionaire Declared Missing And Dead In 2018 Is 'Possibly Living In Moscow With Mistress'
-
Wendy's Sued For $20M After 11-Year-Old Gets Brain and Kidney Damage From 'Dirty Meal'
