Major Security Bug Lets Anyone Attain Root Privileges on a Mac Running High Sierra

 

MacOS High Sierra has had its fair share of security controversies ever since Apple made it public a few months ago. However, it seems like we’re not done just yet. A new critical bug has been discovered by Turkish software developer Lemi Orhan Ergin‏. It essentially allows anyone with physical access to your Mac, obtain admin privileges by simply typing “root” in the username field and tapping the “unlock” button a bunch of times. Yes, it’s serious.

macbook-pro-touch-bar-4

Therefore, for instance, if someone enters the guest mode and follows the trick, he or she can read or edit all the files, alter settings, delete other users, basically just about anything the owner could. The vulnerability currently affects only Macs running on the latest High Sierra update. Hence, if you were hesitating to update, you probably should wait for another month or so. While I personally couldn’t test it out since it doesn’t affect every Mac and I was one of the lucky ones, a multitude of users and researchers have come forward on Twitter acknowledging the bug.

In a statement released hours ago, Apple has confirmed the issue and will be issuing a temporary fix soon. Long-term patch will be released sometime later. “We are working on a software update to address this issue,” added the Apple spokesperson.

 

How to Protect Your Mac From the High Sierra Root Bug

You can, however, still protect your computer by enabling an additional layer of setting. To do that, head over to System Preferences and look for “User & Groups”. Then, tap “Login Options” > Join > Open Directory Utility > Edit in the menu bar. If the item is disabled, make sure you’ve clicked the lock icon for authentication. Turn on the Root User if you haven’t already and if you have, change the Root Password.

macos-high-sierra-root-hack-fix

This isn’t the first time, as I mentioned, High Sierra has been plagued by a critical loophole. On the day of its launch, people found a piece of malicious code on the operating system which was capable of acquiring the contents of its keychain without a password. Another one was when a bug displayed the user’s password itself as the hint when they tried to unlock an encrypted partition. For a company who has predominantly excelled at protecting its user’s privacy, these revelations are indeed quite shocking.

The post Major Security Bug Lets Anyone Attain Root Privileges on a Mac Running High Sierra appeared first on Android News.

Check Also

Download OxygenOS 5.0.8 for OnePlus 3 and OnePlus 3T

Latest Oreo-based OxygenOS 5.0.8 update for OnePlus 3 and OnePlus 3T starts rolling out. The OxygenOS 5.0.8 update fixes general bugs and brings system improvements and brings November 2018 Security Patch. Download OxygenOS 5.0.8 for OnePlus 3 and OnePlus 3T from below. The update is rolling out via OTA (over-the-air) and many users already getting OxygenOS 5.0.8 for OnePlus 3T. The update is incremental and rolls out in phase wise manner. You can wait for the OTA updates, or you can Update Oneplus 3/3T to OxygenOS 5.0.8 manually with below method. Download OxygenOS 5.0.8 for OnePlus 3 and OnePlus 3T from below. The new OxygenOS 5.0.8 for OnePlus 3T and OnePlus 3 fixes general bugs and brings system improvements. (Check the complete changelogs from below). We provide you the OxygenOS 5.0.8 OTA file which you can flash on your device. So if you want to update your OnePlus to the latest version then Download OxygenOS 5.0.8 for OnePlus 3 and OnePlus 3T from below. Check below what’s new..

Leave a Reply

Your email address will not be published. Required fields are marked *