Horrifying macOS Bug Lets Anyone Become Admin With No Password


Twitter user Lemi Orhan Ergin, a software engineer out of Turkey, tweeted that there was a "*HUGE*" security issue with High Sierra.

This is a critical bug that allows anyone on a Mac to log in and change the admin settings - using just the username "root" with no password.

What makes this flaw so dangerous is that people are reporting it also allows full keychain access and works at any login where a user name and password are required, even remotely via OS X screen sharing. Enter "root" as the username and leave the password field empty. Root is the highest level of access, and the account is normally disabled.

A massive security hole affecting Mac computers running the latest version of MacOS High Sierra has been discovered.


We can confirm the bug is present in macOS 10.13.1, and anyone with a Mac in a public office space is urged to fix this themselves, immediately.

Once a password has been set for the "root" account, the flaw that allows a person to log in as "root" with no password will no longer work. Those running previous versions of macOS, including Sierra and Yosemite, do not appear to be affected by the bug. Apple is generally good about patching issues like this quickly, but for now machines will remain vulnerable until it pushes an update.

Apple is yet to comment, but I suspect a quick trip to the locksmith is in order. The macOS login screen does not let you change the user name. Changing the root password is the workaround for now.
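To check whether a given Mac matches the conditions described above (High Sierra with no password set for "root"), an administrator could run something like the following. This is an added example, not Apple's or the article's own code; the function names are made up here, and it assumes that a root account with no password has no AuthenticationAuthority attribute in its local directory record.

```shell
#!/bin/sh
# Added audit example: does this Mac match the article's conditions
# (macOS High Sierra, root account with no password set)?
# Assumption: a root account with no password has no AuthenticationAuthority
# attribute in the output of `dscl . -read /Users/root`.

# Return 0 if the product version string is High Sierra (10.13 or 10.13.x).
is_high_sierra() {
    case "$1" in
        10.13|10.13.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the root directory record text carries a stored credential.
root_has_credential() {
    printf '%s\n' "$1" | grep -q '^AuthenticationAuthority:'
}

# Combine both checks into one verdict. $1 = version, $2 = root record text.
assess() {
    if ! is_high_sierra "$1"; then
        echo "not-high-sierra"
    elif root_has_credential "$2"; then
        # A credential exists, but this says nothing about who set it.
        echo "root-credential-present"
    else
        echo "root-no-password"
    fi
}

# Live check, skipped on machines without the macOS tools.
if command -v sw_vers >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    verdict=$(assess "$(sw_vers -productVersion)" \
                     "$(dscl . -read /Users/root 2>/dev/null)")
    echo "root account check: $verdict"
    # On root-no-password, apply the workaround: sudo passwd root
fi
```

A verdict of root-credential-present only means some password is stored; setting one you know with `sudo passwd root` is still the way to be sure.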
