Apple Mac Software Has Login Flaw That Puts Data at Risk

Adjust Comment Print

For now, you can test your Mac by going to System Preferences, choosing Users & Groups then click the lock to make changes. And there's no security check, according to developer Lemi Ergin, who spotted the bug.

From there, the attacker can enter "root" as the username and leave the password field blank. The root account for your device is a superuser, with the ability to read and write files all across the system.

The bug affects macOS High Sierra 10.13.1 and 10.13.2 Beta. Click on the "Unlock" button. As it turns out, it's remarkably easy for someone to gain admin access to the device; you don't even need a password.

Click the lock in the corner. Those running previous versions of MacOS including Sierra and Yosemite do not appear to be affected by the bug.

Meek Mill denied emergency bail motion
Earlier the same day, buzz developed about Sharpton coming to Meek's defense. In English: Meek can be freed on bail if this is approved.

So far as we can tell, you need access to a now logged in account in order to trigger it.

CNET independently confirmed this security flaw exists and reached out to Apple about the issue.

Apple is yet to comment, but I suspect a quick trip to the locksmith is in order. We are now updating our machines and will report back. This can be done by navigating to System Preferences, selecting Users and Groups, clicking Login Options on the left side of the menu, clicking the Join button next to Network Account Server, clicking Open Directory Utility, then clicking Edit in the Mac's menu bar to assign a password. (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra's login screen here. Go to Apple's support page here for more information about how that works.

Comments