Someone has discovered a vulnerability on the new macOS High Sierra. The macOS High Sierra, a successor to Sierra, was announced at Apple’s Worldwide Developers Conference in June and has been rolled out
The vulnerability was published on Twitter by software engineer Lemi Orhan Ergin . The bug allows anyone gain admin access to a Mac. So you can create a kind of phantom profile, one that can log into a Mac with admin access but it won’t show up on a real admin account.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
In response to this issue, Apple told Mashable that they are working on a software update to address the issue.”In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.”
I guess this will have to do until Apple releases an official patch.
1 Comment
Pingback: Oops! Apple macOS High Sierra has a vulnerability which allows access to a Mac - Techlator