Old 11-28-2017, 05:21 PM   #1
cyrano
Human being with feelings
 
cyrano's Avatar
 
Join Date: Jun 2011
Location: Belgium
Posts: 3,184
Default High Sierra root without a password

It's all over the Mac fora by now. Remote exploitability confirmed. Short:

https://derflounder.wordpress.com/20...s-high-sierra/

In other words, if you're running High Sierra, set a password for you root account.

links:

https://www.macobserver.com/tips/qui...erability-fix/

https://www.theregister.co.uk/2017/1...s_high_sierra/

https://www.macrumors.com/2017/11/28...-admin-access/

http://appleinsider.com/articles/17/...w-instructions

https://techcrunch.com/2017/11/28/as...ierra-machine/
__________________
“Political correctness is fascism pretending to be manners.” George Carlin
cyrano is offline   Reply With Quote
Old 11-28-2017, 05:51 PM   #2
jerome_oneil
Human being with feelings
 
jerome_oneil's Avatar
 
Join Date: Apr 2010
Location: Seattle
Posts: 4,934
Default

Wow. That's not even a small thing. I'd imagine every Apple Store display with High Sierra is being guarded by one of them Geniuses right now.
jerome_oneil is offline   Reply With Quote
Old 11-29-2017, 12:04 PM   #3
cyrano
Human being with feelings
 
cyrano's Avatar
 
Join Date: Jun 2011
Location: Belgium
Posts: 3,184
Default

The patch is out.

https://support.apple.com/en-us/HT208315

The Twitter message was just the first person to "see" the true possibilities. The bug had been on Apple's fora for months, as a solution to a very specific problem. That poster didn't even see the possibilities.

A bug report had been filled about two weeks ago. I guess there's some backlog in reading these...

Another serious local problem is that any logged on user can kill everything via the Terminal. Apple doesn't see that as a bug, letalone a security problem. It's a feature!
__________________
“Political correctness is fascism pretending to be manners.” George Carlin
cyrano is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 09:46 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.