Old 11-28-2017, 05:21 PM   #1
cyrano
Human being with feelings
 
cyrano's Avatar
 
Join Date: Jun 2011
Location: Belgium
Posts: 2,721
Default High Sierra root without a password

It's all over the Mac fora by now. Remote exploitability confirmed. Short:

https://derflounder.wordpress.com/20...s-high-sierra/

In other words, if you're running High Sierra, set a password for you root account.

links:

https://www.macobserver.com/tips/qui...erability-fix/

https://www.theregister.co.uk/2017/1...s_high_sierra/

https://www.macrumors.com/2017/11/28...-admin-access/

http://appleinsider.com/articles/17/...w-instructions

https://techcrunch.com/2017/11/28/as...ierra-machine/
__________________
Next thing on the todo list: introduce your paranoia to your imagination.
cyrano is online now   Reply With Quote
Old 11-28-2017, 05:51 PM   #2
jerome_oneil
Human being with feelings
 
jerome_oneil's Avatar
 
Join Date: Apr 2010
Location: Seattle
Posts: 4,830
Default

Wow. That's not even a small thing. I'd imagine every Apple Store display with High Sierra is being guarded by one of them Geniuses right now.
jerome_oneil is online now   Reply With Quote
Old 11-29-2017, 12:04 PM   #3
cyrano
Human being with feelings
 
cyrano's Avatar
 
Join Date: Jun 2011
Location: Belgium
Posts: 2,721
Default

The patch is out.

https://support.apple.com/en-us/HT208315

The Twitter message was just the first person to "see" the true possibilities. The bug had been on Apple's fora for months, as a solution to a very specific problem. That poster didn't even see the possibilities.

A bug report had been filled about two weeks ago. I guess there's some backlog in reading these...

Another serious local problem is that any logged on user can kill everything via the Terminal. Apple doesn't see that as a bug, letalone a security problem. It's a feature!
__________________
Next thing on the todo list: introduce your paranoia to your imagination.
cyrano is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 02:24 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.