lakeelmoleader.com
lakeelmoleader.com December 12, 2017


MacOS High Sierra bug allows full admin access without a password

29 November 2017, 01:09 | Ruben Fields

macOS High Sierra security vulnerability discovered, here's how to set root password for fix

Lemi Orhan Ergin on Twitter:

However, The Verge has been able to confirm the major security issue remains present as of MacOS 10.13.1, the current release of High Sierra. That is the full Unix root account, which has superuser privileges that enable it to see and modify any file in any account.

Many people have confirmed Ergin's discovery, and if you're running High Sierra, you can check it yourself. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter.

That's not all. If your Mac displays the name and password fields on the login window, instead of a list of users, you can also log into the entire Mac as root, without a password. The previous version of the operating system didn't appear to be affected by the bug.

"We are working on a software update to address this issue", explained Apple when reached for comment.

To do so, open the System Preferences and click on the "Users & Groups" option.

Black Friday brawls shutter malls early, cause festive chaos
According to Hoover Police, law enforcement was called to the Riverchase Galleria after a fight was reported at the Buckle store. Many people in Alabama do not even have to wait for the balances of the Friday insane to fight in a store on Thursday evening.

Let's make this clear: this is a huge mistake on Apple's part, even if there's a relatively simple fix.

Go to System Preferences then click Users & Groups (or Accounts). But The Verge offered a solution: Create a new system administrator password. However, there is a workaround that will provide users with some additional security to prevent against unauthorized logins: users can enable a root account that requires a password to gain access.

Click the lock button, then enter your username and password when prompted.

Enter "root" again with no password. Click Login Options then click Join (or Edit).

You can patch this problem right now by creating a root account manually and giving it a secure password. In another lapse, Directory Utility lets you set the root password to blank - just leave both fields empty and click OK.



Other News

Trending Now

Online Black Friday sales top $1.52 billion, less frenzy at United States stores
That nearly certainly front-loaded some brick-and-mortar sales that may otherwise have occurred over the Thanksgiving weekend. They've also made a big push toward offering store pickup for online orders, hoping to get people to pick up more items.

Dwight Howard fined 35K for obscene gesture
San Antonio lost their last game to the New Orleans Pelicans , 107 - 90; Down 15, Pelicans rally to lead by 30 in 4th. His decision to change kicks, albeit a bit superstitious, paid off in the form of a 57th career triple-double.

Amazon Web Services launches platform to build AR, VR and 3D apps
Being a browser-based tool for now, Amazon Sumerian would allow developers to use the 3D models in VR and AR applications. Hardware including the Oculus Rift , HTC Vive , and iOS devices support the content created with Sumerian.

Unions Call for ILO Convention on Gender-Based Violence
Nearly half of the women who were killed in 2012 were killed by either partners or family members, compared to 6% of men. Together we can ensure that women and girls everywhere can live free of violence.

Tennessee settles on other ex-Bucs coach: Greg Schiano's back
Schiano developed a relationship with Currie when he was out of coaching for two seasons following his short tenure in Tampa. Schiano was hired by the Buccaneers following the 2011 season, but he was sacked after two seasons with an 11-21 record.

Man City boss Pep Guardiola: Comeback win proves we are worthy champions
Because he's young, still can improve and he's winning games - now he's a winning player". Because there are games every three days and you have to play a lot of games like this.

Top US officials to skip Hyderabad Summit with Ivanka Trump-led delegation
India's Prime Minister, Narendra Modi , along with Ivanka Trump will inaugurate the three - day GES summit held at Hyderabad . More than 10 countries will be represented by all-women delegation, including Afghanistan, Saudi Arabia, and Israel.

New Florida coach Dan Mullen arrives with smile, title ring
He also worked at Florida previously as an assistant during the extremely successful Urban Meyer era. But Kelly chose UCLA over Florida on Saturday, and Stricklin was left to look elsewhere.

First lady Melania Trump unveils sneak peek at White House holiday decorations
She only has nine staff members who assist her, far less than previous first ladies, Michelle Obama and Barbara Bush. However, a spokesman for the First Lady said Trump was "honoured" by her role.

3 killed, 9 injured as passenger train derails in northern India
Railway Minister Piyush Goyal expressed grief over the accident and extended his condolences to the families of the deceased. The nation today woke up to the news of yet another train accident in Uttar Pradesh which has now become a frequent affair.