New HUGE Apple Mac Vulnerability found means anyone can access as root using a few key strokes

Chat about just about anything else
Post Reply
User avatar
wizzybang
Level 1
Level 1
Posts: 43
Joined: Fri Nov 10, 2017 6:57 pm

New HUGE Apple Mac Vulnerability found means anyone can access as root using a few key strokes

Post by wizzybang » Tue Nov 28, 2017 5:49 pm

It's just been reported that ANY Apple Mac can be accessed by a complete IT novice using just a few key strokes. This is a bit nuts:

http://www.independent.co.uk/life-style ... 81176.html

Insane!!
Success is the ability to go from one failure to the next without any loss of enthusiasm.....

kilowatt2
Level 1
Level 1
Posts: 15
Joined: Wed Mar 19, 2014 8:39 am

Re: New HUGE Apple Mac Vulnerability found means anyone can access as root using a few key strokes

Post by kilowatt2 » Thu Nov 30, 2017 4:16 am

Actually any person that has access to a Mac computer can access it easily using single user mode. This is not a big deal at all.

User avatar
silfox2000
Level 2
Level 2
Posts: 93
Joined: Fri Sep 08, 2017 8:13 am

Re: New HUGE Apple Mac Vulnerability found means anyone can access as root using a few key strokes

Post by silfox2000 » Thu Nov 30, 2017 7:04 am

This is known and this is same with Linux Mint. That's why you should set root password as soon as you install it. In that case somebody can use live USB/CD distribution to access your files, and you should use encryption, and so on...

Cosmo.
Level 23
Level 23
Posts: 17829
Joined: Sat Dec 06, 2014 7:34 am

Re: New HUGE Apple Mac Vulnerability found means anyone can access as root using a few key strokes

Post by Cosmo. » Thu Nov 30, 2017 7:42 am

silfox2000 wrote:This is known and this is same with Linux Mint.
To my knowledge this is wrong. I don't use macOS, so I cannot reproduce the problem myself, but from my understanding of the bug you can do the following in macOS: Launch a function, which needs elevated privileges and opens the credentials dialogue. Now the attacker can set "root" as account name clicks into the password field but without entering anything inside; now he can unlock the restricted function.

This is not doable in Mint (since 18.2); as long as the root password is unset, the root account is really locked for direct access. Proof: Enter the command gksu -u root xed and leave in the following dialogue the password field empty: The access will get rejected.
The advices to set the root password in macOS is to my understanding meant as a temporary workaround, until Apple has fixed the leak.

I am not a fan of the password-less root account since Mint 18,2 but out of quite different reason. Mixing the macOS leak with the situation in Mint is misleading.

User avatar
BigEasy
Level 6
Level 6
Posts: 1163
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: New HUGE Apple Mac Vulnerability found means anyone can access as root using a few key strokes

Post by BigEasy » Thu Nov 30, 2017 9:04 am

It is no vulnerability at all. It is not nesessary to be root of something else to do bad things. Somebody just need to be alone and sit if front of computer. In that case vulnerability is owner. Let sit me in front of your computer with any OS installed and I can do with your information what I want, booting from external device.
Windows assumes I'm stupid but Linux demands proof of it

Post Reply

Return to “Open chat”