Apple releases fix for macOS High Sierra privilege escalation flaw

Zak Killian

Yesterday on Twitter, developer Lemi Orhan Ergin informed Apple of a major vulnerability in macOS 10.13, also known as High Sierra. Ergin found that on systems in their default configurations, one could simply type "root" as a username in certain privilege-escalation dialogs, leave the password field blank, and then click "Unlock" repeatedly to gain superuser access. Today, Apple has rushed out a patch for the issue.

The basis for the flaw seems to have been that by default in High Sierra, there is no "root" user. Attempting to log in as root created that user, who then had superuser permissions—full administrative access, for anyone unfamiliar with UNIX-land terminology. The exploit effectively meant that most Macs running High Sierra were wide open to anyone with physical access to the machine. Other researchers later found that the exploit worked over remote connections if the Remote Desktop feature or VNC was enabled.

Because of how the exploit worked, folks who had already created a root account and set their own password were immune to the flaw. That approach was offered as a workaround for the problem yesterday, and it's not a bad idea in any case to avoid similar issues. However, now that the patch is out, this particular security hole should be closed. Any Mac users running macOS should head over to the Mac App Store and check for an update to plug the vulnerability.