Friday, 18 January 2019
Latest news
Main » Surprise, surprise! Security by obscurity fails Apple's MacOS

Surprise, surprise! Security by obscurity fails Apple's MacOS

29 November 2017

Type "root" with no password, and simply try that several times until the system relents and lets you in.

Apple has seeded the fifth beta build of macOS High Sierra 10.13.2 for debugging on the Mac. This blocks the bug from creating another root account.

Security issues with your products are never a good thing and when you have a user publically Tweet about one, it makes you move. The company didn't immediately respond to a request for comment.

Jennifer Lawrence freaks out meeting RHOBH star Lisa Rinna
In ELLE's November 2017 issue, Jennifer Lawrence addresses what she wants to do during her break from acting . Next spring she will star as a Russian ballerina spy in Red Sparrow .

Soon after Ergin's tweet, a flood of security researchers and writers confirmed the bug works as described - whether attempting to access an administrator's account on an unlocked Mac, or trying to gain access via the login screen of a locked Mac. If you do that, High Sierra promptly sets up a new account called System Administrator and a home folder located in /private/var/root. If you want to protect yourself, physically keep your Mac on lockdown for now, until Apple releases a software update, which we expect will come out in the next 24-48 hours due to the severity of this bug.

The exploit can be run in System Preferences. If Change Root Password is grayed out, you may have to choose Edit Enable Root User first. They can change any users' password, allowing them to log in and access things like email and browser passwords.

Effectively, this issue renders any system running macOS High Sierra completely unsecured - as it doesn't just unlock the device, it gives Admin access.

Donald Trump Challenges CNN International Coverage for Spreading 'Fake News'
Since Trump's inauguration, CNN has taken a more hostile tone towards the president and many of his staff. Well with US President's Twitter habits, there is no tiresome day on the social media.

Currently, there is no official fix from Apple regarding the issue.

At the login screen, click "Other". Then, click the "Join" button beside "Network Account Server" and a new panel will pop up. Users can prevent an attacker from exploiting a bug by creating a "root" account themselves and giving it a custom password.

Click the lock icon in Directory Utility's window and authenticate.

Government unveils industrial strategy
Artificial intelligence - "we will put the United Kingdom at the forefront of the artificial intelligence and data revolution". The government's new industrial strategy has made local smart energy systems one of its priority areas of development.

Surprise, surprise! Security by obscurity fails Apple's MacOS