Apple macOS High Sierra has a huge security vulnerability
Well, this isn't good. A bug in Apple macOS High Sierra can let anyone gain admin access to a Mac. To make matters worse, once that access has been gained, an attacker can later log back into the locked device anytime.
Published to Twitter on Tuesday by software engineer Lemi Orhan Ergin, the vulnerability is alarmingly straightforward. The flaw allows someone to create a kind of phantom profile, one that can log into the Mac with admin access, but it won't show up on a real admin account.
Once the phantom account is created, a user simply needs to enter "root" as a username and, without entering a password, hit enter to unlock. Importantly, the hacker first has to have access to an unlocked computer to be able to pull this off. But still, it's bad.
Mashable confirmed this security flaw exists on macOS High Sierra 10.13.0.
Anyone looking to exploit the flaw would in most cases first need physical access to the machine while an admin is logged in. They would only need access for a few seconds, though, and then could return anytime to log in as an admin.
However, should a vulnerable machine also happen to have screen sharing turned on, it is reportedly remotely vulnerable as well.
"We are working on a software update to address this issue," explained Apple when reached for comment. "In the meantime, setting a root password prevents unauthorized access to your Mac."
Instructions to do so can be found on an Apple support page.
This story has been updated with information about remote exploitation, as well as a statement from Apple.