SERIOUS Bug In macOS High Sierra Allows For Mac Pwnage

I am not sure how this slipped out the door, but this bug is serious and Mac users need to pay attention. Assuming you’re running the most up to date version of macOS High Sierra, someone with ill will only has to do the following:

  1. Open System Preferences
  2. Choose Users & Groups
  3. Click the lock to make changes
  4. Type “root” in the username field
  5. Move the mouse to the Password field and click there, but leave it blank
  6. Click unlock
  7. Pwnage

This is a serious screw up by Apple as it gives someone with ill will total control of the Mac. And it’s serious enough that heads should roll for letting this slip out the door. I am going to guess that Mac users will get a fix for this in the next day or two…. And if Apple doesn’t deliver on that front, then they’ve really jumped the shark. But in the meantime to avoid being a victim of pwnage, don’t let your Mac out of your sight and enable a root account with a password to prevent the bug from working.

UPDATE: This is fixed. See here for details.

Advertisements

9 Responses to “SERIOUS Bug In macOS High Sierra Allows For Mac Pwnage”

  1. […] gone from a company who can put out quality software to one that at best struggles to do so. While yesterday’s absolutely colossal macOS security hole which allows anyone to pwn a Mac with very… is the issue that’s bringing this to the forefront, there are other examples that indicate […]

  2. […] give Apple credit for coming up with a fix for this absolutely stunning security flaw within a day of it being disclosed. But this is something that should never have happened in the […]

  3. […] that the security vulnerability which was of #EpicFail proportions is fixed, attention is now turning to how it was disclosed. This vulnerability was disclosed on […]

  4. […] among others are reporting that the emergency patch that was released last week to fix this epic security flaw can easily be […]

  5. […] Longer Say “It Just Works”: Apple had some high profile #fails this year starting with the epic security issue where anyone could get root access to a Mac with ease (though that was fixed within a day), followed by vulnerabilities in HomeKit, not to mention […]

  6. […] have to wonder if Apple even QA’s their products anymore. I say that because after this rather spectacularly bad password bug comes another one. From […]

  7. […] face it, Apple has been in very deep trouble lately. Starting with the epic security issue where anyone could get root access to a Mac with ease (though that was fixed within a day), followed by vulnerabilities in HomeKit, not to mention […]

  8. […] should take a page out of the Apple playbook when it came to that vulnerability that allowed anyone to log into a Mac with root level access. It was fixed inside of 24 hours. Sure people said that that Apple dropped the ball when it came to […]

  9. […] macOS High Sierra was a bit of a disaster for Apple. It was buggy and it also suffered from a very nasty and embarrassing bug that allowed anyone to gain root level access. The optics were not that good for Apple. Thus they had to bring something to the table that was […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: