Published: Thu, November 30, 2017
Science | By Carlton Santiago

You Should Download Apple's New Mac Security Update Immediately

Developer Lemi Orhan Ergin publicly informed Apple about the security issue via Twitter on November 28, and was criticized for doing so by some who feared that public disclosure would lead to the bug being more widely exploited.

Logging in with administrator rights requires little more than entering root as the username, and leaving the password field empty. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.

The vulnerability was discovered by Turkish developer Lemi Orhan, who found that the Mac log-in screen can be cracked simply by entering the word "root" as a username and hitting enter twice, without having to enter a password.

The bug does not appear to affect previous versions of macOS, including Sierra, El Capitan or any older versions. To mitigate the risk, users who've chosen to test the bug should create a password for the new root account, which can be done by following the temporary fix Apple has provided.

Apple has responded to the reports and assures a software fix is on its way. Imagine a piece of malicious code created to attack Macs using the same flaw. "If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section." In the meantime, impacted users with admin access should type the following command from the terminal: '$ sudo passwd root'. "Are you aware of it @Apple?"

For reasons that aren't yet clear, you could trick macOS into letting you authenticate as root - the all-powerful system administration account that you aren't even supposed to use - with a password of...

But the fact that Apple could introduce a security hole the size of a truck into High Sierra is appalling. "This is really REALLY bad".

Apple has yet to comment on the issue and the company will undoubtedly rush a fix to users, but it's baffling that a security bug this severe would make it into a shipping product.

In the case of a fix for this latest vulnerability, "I would imagine [Apple] will be pushing it out as a high priority", Cluley said.

Apple issued a statement Wednesday apologizing for the flaw.
