Декабря 14 2017


There's a Massive Security Vulnerability in the New macOS

Декабря 14 2017, 10:46 | Guillermo Bowen

Apps & Software Image Source Apple

MacOS High Sierra login bug

When the problem is exploited, the user is authenticated into a "System Administrator" account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine. Lemi Orhan Ergin, the founder of Software Craftsmanship Turkey, discovered the security flaw and tweeted it out to Apple Support on Tuesday.

The level of unbridled access this security hole permits - and it abruptly being made public - will nearly certainly prompt Apple to move fast in releasing an update for its Mac operating system.

International Business Times was able to successfully replicate the issue on a MacBook Air and a MacBook Pro, both running version 10.13.1 of MacOS High Sierra.

Effectively, this issue renders any system running macOS High Sierra completely unsecured - as it doesn't just unlock the device, it gives Admin access.

Click the lock in the corner. The security flaw isn't too much of a big deal, though, as one would need physical access to your device in order to get unauthorized administrative access to your device. Apple ID email addresses tied to users on the Mac can be removed and altered, as well. We've reached out to Apple for comment and will update it we hear back.

As it now stands, the bug presents a huge security risk for devices running MacOS High Sierra. We are now updating our machines and will report back.

To do so, open the System Preferences and click on the "Users & Groups" option.

Enter "root" again with no password. You can do this from the user login screen.



Other news