Published: Sun, December 03, 2017
Sci-tech | By Carrie Guzman

Updating macOS can bring back the nasty "root" security bug

Updating macOS can bring back the nasty

The previous version of the operating system didn't appear to be affected by the bug. It's not often that we such glaring security issues prop up from the Apple camp, but the folks in Cupertino really screwed the pooch - so to speak - when it comes to macOS High Sierra. But he found that, until he rebooted, he could even then type "root" without a password to entirely bypass High Sierra's security protections.

This has been an incredibly terrible week for Apple's operating systems.

The solution is a simple one - but one that has not been made sufficient clear by Apple.

One small bright spot may be that the vulnerability requires local access and appears hard, though not impossible, to exploit remotely. However, if your device is running the 10.13.2 beta, you will likely have to wait until the next build is released.

Soon after the discovery of the vulnerability, an Apple representative told reporters MacRumors that the company is aware of the issue and is working on a software update to fix it. This, in particular, provides access to the login screen in Mac blocked. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.

Tests of the flaw indicated that it could be used to alter a user's system settings that normally require a chosen username and password.

Videos posted online show people in the users and groups box typing the username'root at the login screen leaving the password field empty and appearing to get unrestricted access to the machine
Updating macOS can bring back the nasty “root” security bug

In a Medium post today, Ergin today said his Twitter disclosure about the Mac bug was met with "many reactions like a blast".

A major bug has been discovered in macOS High Sierra that can allow anyone to log in as root without a password.

"A password prompt that authenticates as root with an empty password would be a black eye for any OS".

"Oh my god that should not work but it does", another user responded yesterday on the forum.

It's believed that the first time you click Unlock the root account is enabled and the second time you click unlock you gain access. In order to avoid problems, you need to make sure that you've upgraded to High Sierra 10.13.1, then install the patch and then reboot your computer.

UGA will play Oklahoma in the College Football Playoff
Mayfield has completed 71 percent of his passes for 4,340 yards and 46 total touchdowns with only five interceptions. Westgate is slightly more bullish on the Sooners, and had Oklahoma opening as a three point favorite.

Like this: