Apple’s newest bug allows you to sign in to any macOS High Sierra account with just the username… by@jonluca
2,400 reads
Apple’s newest bug allows you to sign in to any macOS High Sierra account with just the username…
Read this story in a terminal
Print this story
Read this story w/o Javascript
Too Long; Didn't Read
The bug, found by Lemi Ergin, was originally posted to twitter on Tuesday morning. To replicate the bug, simply navigate to any prompt that requires elevated authentication, and replace the username with “root”, while leaving the password blank. Then repeatedly click unlock until it lets you through.Companies Mentioned
Apple
Gap
JonLuca De Caro
@jonluca
Director
The bug, found by Lemi Ergin, was originally posted to twitter on Tuesday morning. To replicate the bug, simply navigate to any prompt that requires elevated authentication, and replace the username with “root”, while leaving the password blank. Then repeatedly click unlock until it lets you through.
This allows you to sign in to any device running macOS High Sierra as the root superuser, bypassing all security mechanisms that are currently in place.
Entering “root” as the username and leaving the password blank gives you access after a few attempts
A temporary fix is to enable the root superuser with a password, although this is a stop gap measure. Apple is expected to publish a hotfix soon, with a patch for this major security vulnerability.
Additionally, you could change the root password from terminal with
sudo passwd -u root
L O A D I N G
. . . comments & more!
. . . comments & more!
About Author
TOPICS
THIS ARTICLE WAS FEATURED IN...
Mentioned in this story
RELATED STORIES
X REMOVE AD
