mac OS HS vulnerability
classic - it sounds like a similar thing to the old windows XP "administrator" account vulnerability. Anyone with a mac might want to set a root password
http://www.bbc.co.uk/news/technology-42161823
I like the fact they explain to people how to exploit the vulnerability
Originally Posted by BBC
I like even more that, immediately after they explain the exploit, they point out that the original person to do so has been highly criticised by the computer security industry. It's like, they know it's a bad thing to tell people how to do this, but someone else has already said something so surely it's OK now...
... I like the fact they explain to people how to exploit the vulnerability
Yeah, kind of ironic, but in fairness once the exploit is in the wild it is better to warn as many people as quickly as possible, both of the need to act, and the potential risk/severity of not taking action.
and when one article on their website wasn't enough...
http://www.bbc.co.uk/news/technology-42166438
You do have to have to root account enabled - by default it is disabled, however a user with admin privileges can enable it, and should then set a password.
Most *nix systems insist on setting a root password as part of the setup routine.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
From the info in the bbc articles it makes it sound like High Sierra automatically enabled it. The guy who posted it in the apple forum thread says he was a normal user, and makes no indication that he'd chosen to enable root access.
Sure, we don't have the full story, but this sounds a bit more serious than "only affects people who have deliberately chosen to enable root"....
peterb (29-11-2017)
You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access!
It does require physical access to the machine - but better safe than sorry!
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Apparently it can also be done from a remote connection. Or worse via CLI so an executable can do it.You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access!
It does require physical access to the machine - but better safe than sorry!
Yes, if you have enabled remote access, or have installed malware. Its certainly a serious flaw - easily fixed by a user though, and I expect there will be an update out in the very near future. Just shows you can never be complacent whatever the OS. (as the shellshock bug demonstrated last year)
Edit: Looks as if the patch has been released.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
An Apple patch... would that be an i-patch?
peterb (29-11-2017)
Here’s your coat....
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
What sort of coat? A mac perhaps?Here’s your coat....
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote