LogFAQs


Poll of the Day > New Apple MacOS (High Sierra) has a glaring security issue, can be hacked easily

Topic List
Page List: 1
Truth_Decay
11/28/17 7:47:31 PM
#1:


https://www.wired.com/story/macos-high-sierra-hack-root/

THERE ARE HACKABLE security flaws in software. And then there are those that don't even require hacking at alljust a knock on the door, and asking to be let in. Apple's macOS High Sierra has the second kind.

On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system's security protections. Anyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users, they can simply type "root" as a username, leave the password field blank, click "unlock" twice, and immediately gain full access.

In other words, the bug allows any rogue user that gets the slightest foothold on a target computer to gain the deepest level of access to a computer, known as "root" privileges. Malware designed to exploit the trick could also fully install itself deep within the computer, no password required.

---
Seek the truth / Free your mind
Reach a deeper root / Eat the fruit / Leave the rind
... Copied to Clipboard!
Yellow
11/28/17 8:01:22 PM
#2:


Yup

No software is safe. Probably a good thing to keep in mind.
---
https://pbs.twimg.com/media/DNrfHP9W0AAQK_s.jpg:large
... Copied to Clipboard!
#3
Post #3 was unavailable or deleted.
Mead
11/28/17 8:12:48 PM
#4:


Somebody screwed the pooch
---
All praise Mead
... Copied to Clipboard!
shadowsword87
11/28/17 8:22:15 PM
#5:


Huh, that's a devtool that was just left in there.
... Copied to Clipboard!
ferko420
11/28/17 8:26:39 PM
#6:


Fun for everyone at work with it! Good for ya noobs!!!!
---
Switch: Ferko: SW-3592-8151-5043
3DS: Ferko: 4167-4487-9551 PSN: HAVOCtheHedgehog
... Copied to Clipboard!
Questionmarktarius
11/28/17 8:39:53 PM
#7:


Remotable, or does it require physical access to the machine?
... Copied to Clipboard!
helIy
11/28/17 8:49:38 PM
#8:


who just leaves root access like that
---
"Dogs smell like they've had too much fun and need a bath
Cats smell like espionage" - Mead
... Copied to Clipboard!
Syntheticon
11/28/17 10:12:09 PM
#9:


It's just as easily fixed by setting a root password though, this exploit only works in the default state with the account enabled but no password set (which is pretty slack though).
---
Mod me? You don't even know me!
... Copied to Clipboard!
Yellow
11/28/17 11:06:03 PM
#10:


Zangulus posted...
Yellow posted...
Yup

No software is safe. Probably a good thing to keep in mind.


Theres no software is safe and then theres getting root access without a password by pressing a button twice.

Lol

The Tor network was found to have an exploit where if you requested an url that started with file:// (?) it would just use your normal IP address pretty recently.

Software is inherently insecure. That's why I keep all my passwords on a piece of paper. That's also why elections should be done with paper. What's going on under the hood? Who knows.
---
https://pbs.twimg.com/media/DNrfHP9W0AAQK_s.jpg:large
... Copied to Clipboard!
Yellow
11/28/17 11:11:51 PM
#11:


Also worth noting that while this seems extra bad because of how simple it is, to a hacker it doesn't matter if they have to type in root twice or do a buffer overflow exploit.

This is also probably one of the many ways a hacker has to get into administrator mode. It has to be done on top of another hack that actually let's them run code on your machine in the first place.
---
https://pbs.twimg.com/media/DNrfHP9W0AAQK_s.jpg:large
... Copied to Clipboard!
Topic List
Page List: 1