SERIOUS Bug In macOS High Sierra Allows For Mac Pwnage

I am not sure how this slipped out the door, but this bug is serious and Mac users need to pay attention. Assuming you’re running the most up to date version of macOS High Sierra, someone with ill will only has to do the following:

  1. Open System Preferences
  2. Choose Users & Groups
  3. Click the lock to make changes
  4. Type “root” in the username field
  5. Move the mouse to the Password field and click there, but leave it blank
  6. Click unlock
  7. Pwnage

This is a serious screw up by Apple as it gives someone with ill will total control of the Mac. And it’s serious enough that heads should roll for letting this slip out the door. I am going to guess that Mac users will get a fix for this in the next day or two…. And if Apple doesn’t deliver on that front, then they’ve really jumped the shark. But in the meantime to avoid being a victim of pwnage, don’t let your Mac out of your sight and enable a root account with a password to prevent the bug from working.

UPDATE: This is fixed. See here for details.

Advertisements

4 Responses to “SERIOUS Bug In macOS High Sierra Allows For Mac Pwnage”

  1. […] gone from a company who can put out quality software to one that at best struggles to do so. While yesterday’s absolutely colossal macOS security hole which allows anyone to pwn a Mac with very… is the issue that’s bringing this to the forefront, there are other examples that indicate […]

  2. […] give Apple credit for coming up with a fix for this absolutely stunning security flaw within a day of it being disclosed. But this is something that should never have happened in the […]

  3. […] that the security vulnerability which was of #EpicFail proportions is fixed, attention is now turning to how it was disclosed. This vulnerability was disclosed on […]

  4. […] among others are reporting that the emergency patch that was released last week to fix this epic security flaw can easily be […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: