Results 1 to 12 of 12

Thread: mac OS HS vulnerability

  1. #1
    Senior Member
    Join Date
    Nov 2009
    Posts
    4,216
    Thanks
    991
    Thanked
    535 times in 415 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Exclamation mac OS HS vulnerability

    classic - it sounds like a similar thing to the old windows XP "administrator" account vulnerability. Anyone with a mac might want to set a root password

    http://www.bbc.co.uk/news/technology-42161823

    I like the fact they explain to people how to exploit the vulnerability

    Quote Originally Posted by BBC
    The flaw in MacOS High Sierra - the most recent version - makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights...

    ...by entering the username "root", leaving the password field blank, and hitting "enter" a few times, he would be granted unrestricted access to the target machine.

  2. #2
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Manchester
    Posts
    14,282
    Thanks
    1,126
    Thanked
    2,073 times in 1,721 posts
    • scaryjim's system
      • Motherboard:
      • HP Pavilion
      • CPU:
      • A10 4600M
      • Memory:
      • 2x 4GB DDR3-1600 SODIMM
      • Storage:
      • 1TB HDD
      • Graphics card(s):
      • Radeon HD7660G (IGP)
      • PSU:
      • Battery/HP 19v brick
      • Case:
      • HP Pavilion G6
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1366x768 laptop panel

    Re: mac OS HS vulnerability

    Quote Originally Posted by ik9000 View Post
    ... I like the fact they explain to people how to exploit the vulnerability
    I like even more that, immediately after they explain the exploit, they point out that the original person to do so has been highly criticised by the computer security industry. It's like, they know it's a bad thing to tell people how to do this, but someone else has already said something so surely it's OK now...

  3. #3
    Senior Member
    Join Date
    Nov 2009
    Posts
    4,216
    Thanks
    991
    Thanked
    535 times in 415 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: mac OS HS vulnerability

    Quote Originally Posted by scaryjim View Post
    I like even more that, immediately after they explain the exploit, they point out that the original person to do so has been highly criticised by the computer security industry. It's like, they know it's a bad thing to tell people how to do this, but someone else has already said something so surely it's OK now...
    Yeah, kind of ironic, but in fairness once the exploit is in the wild it is better to warn as many people as quickly as possible, both of the need to act, and the potential risk/severity of not taking action.

  4. #4
    Senior Member
    Join Date
    Nov 2009
    Posts
    4,216
    Thanks
    991
    Thanked
    535 times in 415 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: mac OS HS vulnerability

    and when one article on their website wasn't enough...
    http://www.bbc.co.uk/news/technology-42166438

  5. #5
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,099
    Thanks
    2,180
    Thanked
    2,756 times in 2,207 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: mac OS HS vulnerability

    You do have to have to root account enabled - by default it is disabled, however a user with admin privileges can enable it, and should then set a password.

    Most *nix systems insist on setting a root password as part of the setup routine.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  6. #6
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Manchester
    Posts
    14,282
    Thanks
    1,126
    Thanked
    2,073 times in 1,721 posts
    • scaryjim's system
      • Motherboard:
      • HP Pavilion
      • CPU:
      • A10 4600M
      • Memory:
      • 2x 4GB DDR3-1600 SODIMM
      • Storage:
      • 1TB HDD
      • Graphics card(s):
      • Radeon HD7660G (IGP)
      • PSU:
      • Battery/HP 19v brick
      • Case:
      • HP Pavilion G6
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1366x768 laptop panel

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    You do have to have to root account enabled - by default it is disabled ...
    From the info in the bbc articles it makes it sound like High Sierra automatically enabled it. The guy who posted it in the apple forum thread says he was a normal user, and makes no indication that he'd chosen to enable root access.

    Sure, we don't have the full story, but this sounds a bit more serious than "only affects people who have deliberately chosen to enable root"....

  7. Received thanks from:

    peterb (29-11-2017)

  8. #7
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,099
    Thanks
    2,180
    Thanked
    2,756 times in 2,207 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: mac OS HS vulnerability

    Quote Originally Posted by scaryjim View Post
    From the info in the bbc articles it makes it sound like High Sierra automatically enabled it. The guy who posted it in the apple forum thread says he was a normal user, and makes no indication that he'd chosen to enable root access.

    Sure, we don't have the full story, but this sounds a bit more serious than "only affects people who have deliberately chosen to enable root"....
    You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access!

    It does require physical access to the machine - but better safe than sorry!
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  9. #8
    Senior Member
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    399
    Thanks
    39
    Thanked
    67 times in 53 posts
    • spacein_vader's system
      • Motherboard:
      • Asus B85M-G
      • CPU:
      • i5 4460 3.2GHz
      • Memory:
      • 4x4GB Crucial DDR3 1600
      • Storage:
      • 128GB SSD, 256GB SSD
      • Graphics card(s):
      • Asus RX-480 Dual OC 4GB
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Antec Mini P180
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Origin Fibre Max

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access!

    It does require physical access to the machine - but better safe than sorry!
    Apparently it can also be done from a remote connection. Or worse via CLI so an executable can do it.

  10. #9
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,099
    Thanks
    2,180
    Thanked
    2,756 times in 2,207 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: mac OS HS vulnerability

    Quote Originally Posted by spacein_vader View Post
    Apparently it can also be done from a remote connection. Or worse via CLI so an executable can do it.
    Yes, if you have enabled remote access, or have installed malware. Its certainly a serious flaw - easily fixed by a user though, and I expect there will be an update out in the very near future. Just shows you can never be complacent whatever the OS. (as the shellshock bug demonstrated last year)

    Edit: Looks as if the patch has been released.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  11. #10
    Senior Member
    Join Date
    Nov 2009
    Posts
    4,216
    Thanks
    991
    Thanked
    535 times in 415 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    Yes, if you have enabled remote access, or have installed malware. Its certainly a serious flaw - easily fixed by a user though, and I expect there will be an update out in the very near future. Just shows you can never be complacent whatever the OS. (as the shellshock bug demonstrated last year)

    Edit: Looks as if the patch has been released.
    An Apple patch... would that be an i-patch?

  12. Received thanks from:

    peterb (29-11-2017)

  13. #11
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,099
    Thanks
    2,180
    Thanked
    2,756 times in 2,207 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: mac OS HS vulnerability

    Quote Originally Posted by ik9000 View Post
    An Apple patch... would that be an i-patch?
    Here’s your coat....
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  14. #12
    Senior Member
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    399
    Thanks
    39
    Thanked
    67 times in 53 posts
    • spacein_vader's system
      • Motherboard:
      • Asus B85M-G
      • CPU:
      • i5 4460 3.2GHz
      • Memory:
      • 4x4GB Crucial DDR3 1600
      • Storage:
      • 128GB SSD, 256GB SSD
      • Graphics card(s):
      • Asus RX-480 Dual OC 4GB
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Antec Mini P180
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Origin Fibre Max

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    Here’s your coat....
    What sort of coat? A mac perhaps?

  15. Received thanks from:

    ik9000 (29-11-2017),peterb (29-11-2017)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •