According to The Verge, one way to thwart this low-likelihood but high-impact vulnerability is to change the root account password on your Mac. Press Return or click the Unlock button a few times - I've seen it both accept on the first try and require a couple of additional tries. Lemi Orhan Ergin, the founder of Software Craftsmanship Turkey, discovered the security flaw and tweeted it out to Apple Support on Tuesday. A spokesperson for Apple was not immediately available for comment. It can also be used at the login screen of a locked Mac to unlock the machine and gain full administrative access.
A demonstration of the security flaw. Those running previous versions of macOS, including Sierra and Yosemite, do not appear to be affected by the bug.
The exploit can be run in System Preferences.
Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
Disabling the root account in the Directory Utility tool does not work, as the root account becomes re-enabled when "root" is entered into the user name field on login. But The Verge offered a solution: Create a new system administrator password.
Let's make this clear: this is a huge mistake on Apple's part, even if there's a relatively simple fix.
In the dialog that pops up, click Open Directory Utility, and from the tool's menu bar, select the Edit menu, and then Change Root Password.
"A password prompt that authenticates as root with an empty password would be a black eye for any OS." (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra's login screen here. Users can prevent an attacker from exploiting the bug by creating a "root" account themselves and giving it a custom password.