![]() Exploiting the vulnerability was also not possible when a Mac was turned on and the screen was password protected. When full-disk encryption is turned off, an untrusted user can turn on a Mac that's fully powered down and log in as root. The password bypass can be exploited in a variety of ways, depending on the way the targeted Mac has been set up. The flaw isn't present on previous macOS versions. Ars reporters were able to replicate the behavior multiple times on three Macs. With that-after a few tries in some cases-the latest version of Apple's operating system logs the user in with root privileges. The bypass works by putting the word "root" (without the quotes) in the user name field of a login window, moving the cursor into the password field, and then hitting enter button with the password field empty. ![]() In one of Apple's biggest security blunders in years, a bug in macOS High Sierra allows untrusted users to gain unfettered administrative control without any password. What follows is the story as written before the patch was available. Installing the patch immediately is the best way for Mac users to protect themselves and supersedes any mitigation advice. Update 9:47 AM California time: Apple patched the flaw on Wednesday morning.
0 Comments
Leave a Reply. |