Updating macOS High Sierra Could Reactivate Root Password Vulnerability

Updating macOS High Sierra Could Reactivate Root Password Vulnerability

"Are you aware of it @Apple?" the user tweeted.

With the bug in the operating system, any person or malicious program that tried to log into a Mac computer, or install software, or even change settings, could do that by simply entering root as username on the prompt, and they were able to bypass the prompt to gain full access to the computer.

Apple found itself rather red-faced last week when it was discovered that the root account of macOS High Sierra was accessible without a password.

Apple's quick patch for the recently discovered "root" user bug can be undone by upgrading to macOS 10.13.1.

This has been an incredibly awful week for Apple's operating systems.

The solution is a simple one - but one that has not been made sufficient clear by Apple.

It is noted that remotely realize the vulnerability impossible - the attacker must still have direct access to your device. The previous version of the operating system didn't appear to be affected by the bug.

The company began working on an update to close the security loophole after hearing of the issue on November 29, to which Apple said that it has now patched that security flaw, along with a guide on how to fix it. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.

In a Medium post today, Ergin today said his Twitter disclosure about the Mac bug was met with "many reactions like a blast".

Apple on Wednesday released an emergency patch that fixed an embarrassing login bug in its macOS 10.13.1 High Sierra operating system. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter. Anyone can log in as "root" with empty password after clicking on login button several times.

"Oh my god that should not work but it does", another user responded yesterday on the forum. While the security update is now available for download from Mac App Store, Apple said it will also be automatically installing the patch on all Macs running macOS High Sierra 10.13.1. When that happens, "Make sure to update your Macs and MacBooks at your earliest opportunity after it is released", he added.

Related News:



Most liked

Trump to Pull US From UN Migration Compact
Security Council meeting about the ongoing violence in Myanmar, against Rohingya Muslims on September 28, 2017 in New York City. These commitments are known as the New York Declaration for Refugees and Migrants .

Francis Ngannou Knocks Alistair Overeem Stiff (UFC 218 Results)
The heavy handed fighter faced an experienced wrestler in Curtis Blaydes, and earned a win. If you blinked during UFC 218's co-main event in Detroit on Saturday, you missed it.

North Korea lambasts US-South joint military drill
Graham, a foreign policy hawk, said he has had extensive discussions with the Trump administration about the situation. Beijing has backed a slew of sanctions that include bans on imports of North Korean coal, iron ore and seafood.

Russian MPs vow to make State Duma off-limits for all USA media
Russian officials called the new legislation a "symmetrical response" to what they describe as USA pressure on Russian media. Peskov said Russian media had been subjected to "outrageous" attacks in the United States which violated freedom of speech.

Patriots at Bills: Highlights, score and recap
The Patriots have turned to the Bills to fill several holes on their roster in recent years, with Lee the most recent example. Gronkowski drove his shoulder as he lay face down on the turf after the whistle and was penalized for unnecessary roughness.

Ali spoils Cotto's farewell battle with resolution win
Willing to fight the best. "I have been training since I was 8 years old, and I am glad I got this win at MSG, in my hometown". Ali looked confident and loose from the opening bell, showing quick hands and constantly bouncing around the ring.

Former key ally of Nigeria's Buhari joins opposition party
The former vice president joined the APC in February 2014 and remained in the party until his exit on November 24, 2017. In the last two years, nearly 3 million Nigerians have lost their jobs.

Georgia linebacker Natrez Patrick arrested hours after SEC championship game
UGA's student-athlete handbook calls for a four-game suspension for football players who incur a second marijuana violation. A little over five hours after that game, one starter on that team would find himself in the back of a squad vehicle .

2.0 postponed to release in April
As per the latest reports, 2.0 will release in April, whereas Kaala will hit the screens during the Independence day weekend. Now, the makers on December 2, announced that the Rajinikanth and Akshay starrer will release on 27th April, 2018.

How Analysts Rated QUALCOMM Incorporated (NASDAQ:QCOM) Last Week?
Zacks Investment Research upgraded shares of QUALCOMM from a "sell" rating to a "hold" rating in a report on Tuesday, October 3rd. Nwq Investment Management Company Ltd Limited Liability Company stated it has 1.76% in EQT Corporation (NYSE:EQT).

AC Milan coach Gattuso on Benevento shock: These players do care
Benevento goalkeeper Alberto Brignoli acted purely on instinct as he scored a memorable equaliser against AC Milan on Sunday. Milan had led through Giacomo Bonaventura before George Puscas equalised, with Nikola Kalinic restoring the lead for Milan.

Rickie Fowler rallies to win Hero World Challenge from 7 shots behind
England's Tommy Fleetwood carded a five-under 67 to finish tied third with world number two Jordan Spieth, six shots off Fowler.

Georgia, Alabama make four-team playoff
They went on the road to beat rival SC 34-10 on November 25 and then beat Miami 38-3 in the ACC championship game on Saturday. Move forward and get around people you care about - your family and teammates".

300 fossilised pterosaur eggs found
About 215 eggs of the pterosaur , which flew and have jagged teeth, were found in the Xinjiang Uygur Autonomous Region in China . None of the embryos are complete, the paper states, and the scientists used computed tomography scanning to view what was inside.

SEC Championship Game Prediction Georgia-Auburn
For just the seventh time in the 26-year history of the SEC championship game, the teams also met during the regular season. Georgia needs to establish the running game with Nick Chubb and Sony Michel to avoid putting too much pressure on Fromm.