High Sierra Bug Provides Full Root Access

High Sierra Bug Provides Full Root Access

To exploit the vulnerability, someone with access to the computer can type "root" and no password in the Users & Groups section of System Preferences.

People across the web have been able to duplicate this bug.

Ben Johnson, the chief technology officer of Obsidian Security and a former U.S. National Security Agency computer scientist, described the flaw to IBT as "a hacker's dream".

Ergin tweeted about the flaw on Tuesday, and as of the time of publication, all MacOS High Sierra machines are still vulnerable. The good news is that it's simple to patch this hole right now, without waiting for a software update from Apple.

More news: Gunfire at NY mall leaves 2 injured, officials say

It can't be stressed enough: This is a critical security flaw that all Apple laptop and desktop owners shouldn't ignore. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter.

Currently, there is no official fix from Apple regarding the issue.

To do so, open the System Preferences and click on the "Users & Groups" option. As it turns out, it's remarkably easy for someone to gain admin access to the device; you don't even need a password.

After clicking unlock several times, it should eventually open up, no passwords necessary. Click "Login Options", then click "Join", which appears next to the text "Network Account Server". But The Verge offered a solution: Create a new system administrator password. Then from the menu bar at the top of the screen, click on the "Edit" menu and choose "Enable Root User". Users can prevent an attacker from exploiting a bug by creating a "root" account themselves and giving it a custom password. In another lapse, Directory Utility lets you set the root password to blank - just leave both fields empty and click OK.

Related Articles