RV_ Posted November 29, 2017 Report Share Posted November 29, 2017 Excerpt from MSN: " If you're using Apple's latest macOS High Sierra, you'll want to be wary of giving people access to your computer. Initially tweeted by developer Lemi Orhan Ergin, there's a super-easy exploit that can give anyone gain admin (or root) rights to your Mac. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and File Vault with this method. All you need to do is enter "root" into the username field, leave the password blank, and hit Enter a few times. Needless to say, this is some scary stuff." More here: https://www.msn.com/en-us/news/technology/macos-high-sierra-bug-allows-full-admin-access-without-a-password/ar-BBFT9Yv?OCID=ansmsnnews11 RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Dave Sand Posted November 29, 2017 Report Share Posted November 29, 2017 49 minutes ago, RV_ said: Excerpt from MSN: " If you're using Apple's latest macOS High Sierra, you'll want to be wary of giving people access to your computer. Initially tweeted by developer Lemi Orhan Ergin, there's a super-easy exploit that can give anyone gain admin (or root) rights to your Mac. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and File Vault with this method. All you need to do is enter "root" into the username field, leave the password blank, and hit Enter a few times. Needless to say, this is some scary stuff." More here: https://www.msn.com/en-us/news/technology/macos-high-sierra-bug-allows-full-admin-access-without-a-password/ar-BBFT9Yv?OCID=ansmsnnews11 This is a serious bug that allows someone with access to the Mac to enable the "root" user. This is the Unix user which has global access. Until Apple releases a fix, the following action is recommended.: Use the steps in https://support.apple.com/en-us/HT204012 to enable the root user AND assign a password. DO NOT disable the root user as indicated in the document. Doing so will make the bug active again. Depending on how your login options are set up, you may see a new icon for Other. That is the root user. Just ignore it. It will not be usable as long as a good password was assigned. Dave Sand Line 1 - ends with just the return (enter) key. Line 2 - ends with shift-return (shift-enter) key combination. Line 3 Link to comment Share on other sites More sharing options...
Dave Sand Posted November 29, 2017 Report Share Posted November 29, 2017 Apple has released a fix for this bug. Security Update 2017-001 should be listed in the Updates page of the Mac App Store. The update does NOT require a re-boot. Dave Sand Line 1 - ends with just the return (enter) key. Line 2 - ends with shift-return (shift-enter) key combination. Line 3 Link to comment Share on other sites More sharing options...
RV_ Posted November 30, 2017 Author Report Share Posted November 30, 2017 Hi Dave! I just came back to post about the patch from Apple but you already have it covered. Thanks! RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.