Results 1 to 12 of 12

Thread: mac OS HS vulnerability

  1. #1
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,743
    Thanks
    1,849
    Thanked
    1,442 times in 1,065 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Exclamation mac OS HS vulnerability

    classic - it sounds like a similar thing to the old windows XP "administrator" account vulnerability. Anyone with a mac might want to set a root password

    http://www.bbc.co.uk/news/technology-42161823

    I like the fact they explain to people how to exploit the vulnerability

    Quote Originally Posted by BBC
    The flaw in MacOS High Sierra - the most recent version - makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights...

    ...by entering the username "root", leaving the password field blank, and hitting "enter" a few times, he would be granted unrestricted access to the target machine.

  2. #2
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,232
    Thanked
    2,290 times in 1,873 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: mac OS HS vulnerability

    Quote Originally Posted by ik9000 View Post
    ... I like the fact they explain to people how to exploit the vulnerability
    I like even more that, immediately after they explain the exploit, they point out that the original person to do so has been highly criticised by the computer security industry. It's like, they know it's a bad thing to tell people how to do this, but someone else has already said something so surely it's OK now...

  3. #3
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,743
    Thanks
    1,849
    Thanked
    1,442 times in 1,065 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: mac OS HS vulnerability

    Quote Originally Posted by scaryjim View Post
    I like even more that, immediately after they explain the exploit, they point out that the original person to do so has been highly criticised by the computer security industry. It's like, they know it's a bad thing to tell people how to do this, but someone else has already said something so surely it's OK now...
    Yeah, kind of ironic, but in fairness once the exploit is in the wild it is better to warn as many people as quickly as possible, both of the need to act, and the potential risk/severity of not taking action.

  4. #4
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,743
    Thanks
    1,849
    Thanked
    1,442 times in 1,065 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: mac OS HS vulnerability

    and when one article on their website wasn't enough...
    http://www.bbc.co.uk/news/technology-42166438

  5. #5
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: mac OS HS vulnerability

    You do have to have to root account enabled - by default it is disabled, however a user with admin privileges can enable it, and should then set a password.

    Most *nix systems insist on setting a root password as part of the setup routine.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  6. #6
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,232
    Thanked
    2,290 times in 1,873 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    You do have to have to root account enabled - by default it is disabled ...
    From the info in the bbc articles it makes it sound like High Sierra automatically enabled it. The guy who posted it in the apple forum thread says he was a normal user, and makes no indication that he'd chosen to enable root access.

    Sure, we don't have the full story, but this sounds a bit more serious than "only affects people who have deliberately chosen to enable root"....

  7. Received thanks from:

    peterb (29-11-2017)

  8. #7
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: mac OS HS vulnerability

    Quote Originally Posted by scaryjim View Post
    From the info in the bbc articles it makes it sound like High Sierra automatically enabled it. The guy who posted it in the apple forum thread says he was a normal user, and makes no indication that he'd chosen to enable root access.

    Sure, we don't have the full story, but this sounds a bit more serious than "only affects people who have deliberately chosen to enable root"....
    You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access!

    It does require physical access to the machine - but better safe than sorry!
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  9. #8
    Missed by us all - RIP old boy spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    2,015
    Thanks
    184
    Thanked
    1,086 times in 410 posts
    • spacein_vader's system
      • Motherboard:
      • MSI B450 Tomahawk Max
      • CPU:
      • Ryzen 5 3600
      • Memory:
      • 2x8GB Patriot Steel DDR4 3600mhz
      • Storage:
      • 1tb Sabrent Rocket NVMe (boot), 500GB Crucial MX100, 1TB Crucial MX200
      • Graphics card(s):
      • Gigabyte Radeon RX5700 Gaming OC
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Fractal Design Meshify C
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Zen Internet

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access!

    It does require physical access to the machine - but better safe than sorry!
    Apparently it can also be done from a remote connection. Or worse via CLI so an executable can do it.

  10. #9
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: mac OS HS vulnerability

    Quote Originally Posted by spacein_vader View Post
    Apparently it can also be done from a remote connection. Or worse via CLI so an executable can do it.
    Yes, if you have enabled remote access, or have installed malware. Its certainly a serious flaw - easily fixed by a user though, and I expect there will be an update out in the very near future. Just shows you can never be complacent whatever the OS. (as the shellshock bug demonstrated last year)

    Edit: Looks as if the patch has been released.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  11. #10
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,743
    Thanks
    1,849
    Thanked
    1,442 times in 1,065 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    Yes, if you have enabled remote access, or have installed malware. Its certainly a serious flaw - easily fixed by a user though, and I expect there will be an update out in the very near future. Just shows you can never be complacent whatever the OS. (as the shellshock bug demonstrated last year)

    Edit: Looks as if the patch has been released.
    An Apple patch... would that be an i-patch?

  12. Received thanks from:

    peterb (29-11-2017)

  13. #11
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: mac OS HS vulnerability

    Quote Originally Posted by ik9000 View Post
    An Apple patch... would that be an i-patch?
    Here’s your coat....
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  14. #12
    Missed by us all - RIP old boy spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    2,015
    Thanks
    184
    Thanked
    1,086 times in 410 posts
    • spacein_vader's system
      • Motherboard:
      • MSI B450 Tomahawk Max
      • CPU:
      • Ryzen 5 3600
      • Memory:
      • 2x8GB Patriot Steel DDR4 3600mhz
      • Storage:
      • 1tb Sabrent Rocket NVMe (boot), 500GB Crucial MX100, 1TB Crucial MX200
      • Graphics card(s):
      • Gigabyte Radeon RX5700 Gaming OC
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Fractal Design Meshify C
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Zen Internet

    Re: mac OS HS vulnerability

    Quote Originally Posted by peterb View Post
    Here’s your coat....
    What sort of coat? A mac perhaps?

  15. Received thanks from:

    ik9000 (29-11-2017),peterb (29-11-2017)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •