The flaw could means anyone can log in to a computer running MacOS High Sierra without a password via system preferences, using the root user account.
Apple has promised that it is working on a fix, but until then there is a way to secure your Mac by giving the root admin account a password, and in this tutorial we'll show you how you can do that by changing the root password. Apple will nearly certainly have a security fix ready to go in a matter of days; we'll update this story as soon as they do.
But it turns out that the problem was highlighted in Apple's developer forums two weeks ago. Ergin said staff members reported the vulnerability to Apple on November 23, and he disclosed the flaw publicly in a tweet on Tuesday.
Dangerous flaw in macOS High Sierra leaves your Mac vulnerable: Here's how to fix it
Ergin, a Turkish software developer and founder of Software Craftsmanship Turkey, told his followers that "Anyone can login as "root" with empty password after clicking on login button several times." . I thought I had to ask Apple "are you aware of it?". "In the meantime, setting a root password prevents unauthorized access to your Mac ..." The bug reportedly is not in any other MacOS. The "root" flaw could be used to gain privileges that could then allow the attacker to gain privileges to exploit the OS in ways that aren't normally possible.
This flaw only works if you have physical access to the device or machine, it will not work remotely. "Never mind one from a security and privacy-conscious company such as Apple".Читайте также: South African model takes Miss Universe crown
In October a flaw was discovered that could have allowed anyone to gain access to encrypted hard disk volumes. This simple action gives complete superuser access rights to the system exposing all user data.
The vulnerability was publically revealed on Twitter earlier, but it's unknown whether or not Apple was alerted to it beforehand. Apple has detailed the content of the update over on its Support website.
No doubt a speedy update from Apple on macOS will aim to address the bug.При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2017 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог