Horrifying macOS Bug Lets Anyone Become Admin With No Password

Alan Olson
November 29, 2017

An attacker can, for instance, enter "root" as the username in the Users & Groups preferences setting, leave the password field blank, and click the unlock button. That is the full Unix root account, which has superuser privileges that enable it to see and modify any file in any account.

Ben Johnson, the chief technology officer of Obsidian Security and a former U.S. National Security Agency computer scientist, described the flaw to IBT as "a hacker's dream". Even so, anyone running any version of High Sierra should take the utmost precaution with their systems until Apple sorts this entire mess out. Lemi Orhan Ergin, the founder of Software Craftsmanship Turkey, discovered the security flaw and tweeted it out to Apple Support on Tuesday.

It can't be stressed enough: this is a critical security flaw that no Apple laptop or desktop owner should ignore. A spokesperson for Apple was not immediately available for comment. However, there is a workaround that gives users some additional protection against unauthorized logins: users can enable a root account that requires a password to gain access.


The exploit can be run in System Preferences. Then, click the "Join" button beside "Network Account Server" and a new panel will pop up.

Click, then enter an administrator name and password. When the next menu appears, click the lock in the lower left to make changes. Then select "Change Root Password..." and choose a strong password, something with many letters and characters that can't be guessed. (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra's login screen here. This will prompt for a password for the Root user account.
