SERIOUS Bug In macOS High Sierra Allows For Mac Pwnage

I am not sure how this slipped out the door, but this bug is serious and Mac users need to pay attention. Assuming you’re running the most up-to-date version of macOS High Sierra, someone with ill will only has to do the following:

  1. Open System Preferences
  2. Choose Users & Groups
  3. Click the lock to make changes
  4. Type “root” in the username field
  5. Move the mouse to the Password field and click there, but leave it blank
  6. Click unlock
  7. Pwnage

This is a serious screw-up by Apple, as it gives someone with ill will total control of the Mac. And it’s serious enough that heads should roll for letting this slip out the door. I am going to guess that Mac users will get a fix for this in the next day or two. And if Apple doesn’t deliver on that front, then they’ve really jumped the shark. But in the meantime, to avoid being a victim of pwnage, don’t let your Mac out of your sight, and enable a root account with a password to prevent the bug from working.
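A defender-side check for the workaround above, as an added example that is not from the original post: it classifies the root account from the text of two `dscl` reads. The helper names `root_account_state` and `report`, the sample outputs, and the `dscl` output formats they imitate are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed dscl output formats:
#   root disabled: "Password: *" and no AuthenticationAuthority key
#   root enabled:  an AuthenticationAuthority entry containing ";ShadowHash;"

# root_account_state PASSWORD_OUTPUT AUTH_OUTPUT  (hypothetical helper)
root_account_state() {
    # Value after the "Password:" label; empty if the label is missing.
    marker=$(printf '%s\n' "$1" | sed -n 's/^Password:[[:space:]]*//p' | head -n 1)
    case "$2" in
        *ShadowHash*) echo enabled ;;
        *) if [ "$marker" = "*" ]; then echo disabled; else echo unknown; fi ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED_PW='Password: *'
SAMPLE_DISABLED_AUTH='No such key: AuthenticationAuthority'
SAMPLE_ENABLED_PW='Password: ********'
SAMPLE_ENABLED_AUTH='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# Turn a state into advice for the person running the check.
report() {
    case "$1" in
        disabled) echo "root is disabled: on an unpatched High Sierra the workaround is not in place; set a root password (for example with dsenableroot)" ;;
        enabled)  echo "root is enabled: expected if you set its password yourself; if nobody did, investigate" ;;
        *)        echo "could not determine root account state" ;;
    esac
}

report "$(root_account_state "$SAMPLE_DISABLED_PW" "$SAMPLE_DISABLED_AUTH")"
report "$(root_account_state "$SAMPLE_ENABLED_PW" "$SAMPLE_ENABLED_AUTH")"

# On a Mac, classify the live account as well (skipped where dscl is absent).
if command -v dscl >/dev/null 2>&1; then
    report "$(root_account_state \
        "$(dscl . -read /Users/root Password 2>&1)" \
        "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)")"
fi
```

The check only reads directory attributes; it does not attempt a login as root, so running it does not change the account.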

UPDATE: This is fixed. See here for details.

