|
Today, a security researcher twitted[1] about a dangerous behaviour he found in the Apple High Sierra operating system: It is possible to get administrator rights (the "root" account on UNIX) by connecting without a password. I was able to reproduce this behaviour on my MacBook running the latest OS X version. It appears that OS X is delivered with a passwordless root account. A quick fix is to create a password as soon as possible. Open a terminal and type the following command: $ sudo passwd root It's not clear if only High Sierra is affected or also older versions. We will update this post as soon as possible if required. [1] https://twitter.com/lemiorhan/status/935578694541770752 Xavier Mertens (@xme) |
Xme 697 Posts ISC Handler Nov 29th 2017 |
| Thread locked Subscribe |
Nov 29th 2017 4 years ago |
|
I had previously enabled root (on a Macbook Pro) and set a password. This was before updating to High Sierra. In this case the previous root password was still in force after the update (fortunately).
|
Anonymous |
| Quote |
Nov 29th 2017 4 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
