SERIOUS Bug In macOS High Sierra Allows For Mac Pwnage
I am not sure how this slipped out the door, but this bug is serious and Mac users need to pay attention. Assuming you’re running the most up to date version of macOS High Sierra, someone with ill will only has to do the following:
- Open System Preferences
- Choose Users & Groups
- Click the lock to make changes
- Type “root” in the username field
- Move the mouse to the Password field and click there, but leave it blank
- Click unlock
- Pwnage
This is a serious screw up by Apple as it gives someone with ill will total control of the Mac. And it’s serious enough that heads should roll for letting this slip out the door. I am going to guess that Mac users will get a fix for this in the next day or two…. And if Apple doesn’t deliver on that front, then they’ve really jumped the shark. But in the meantime to avoid being a victim of pwnage, don’t let your Mac out of your sight and enable a root account with a password to prevent the bug from working.
UPDATE: This is fixed. See here for details.
November 29, 2017 at 9:07 am
[…] gone from a company who can put out quality software to one that at best struggles to do so. While yesterday’s absolutely colossal macOS security hole which allows anyone to pwn a Mac with very… is the issue that’s bringing this to the forefront, there are other examples that indicate […]
November 29, 2017 at 11:37 am
[…] give Apple credit for coming up with a fix for this absolutely stunning security flaw within a day of it being disclosed. But this is something that should never have happened in the […]
November 29, 2017 at 1:43 pm
[…] that the security vulnerability which was of #EpicFail proportions is fixed, attention is now turning to how it was disclosed. This vulnerability was disclosed on […]
December 4, 2017 at 10:31 am
[…] among others are reporting that the emergency patch that was released last week to fix this epic security flaw can easily be […]
December 30, 2017 at 9:01 am
[…] Longer Say “It Just Works”: Apple had some high profile #fails this year starting with the epic security issue where anyone could get root access to a Mac with ease (though that was fixed within a day), followed by vulnerabilities in HomeKit, not to mention […]
January 10, 2018 at 12:49 pm
[…] have to wonder if Apple even QA’s their products anymore. I say that because after this rather spectacularly bad password bug comes another one. From […]
January 11, 2018 at 9:30 am
[…] face it, Apple has been in very deep trouble lately. Starting with the epic security issue where anyone could get root access to a Mac with ease (though that was fixed within a day), followed by vulnerabilities in HomeKit, not to mention […]
January 13, 2018 at 2:32 pm
[…] should take a page out of the Apple playbook when it came to that vulnerability that allowed anyone to log into a Mac with root level access. It was fixed inside of 24 hours. Sure people said that that Apple dropped the ball when it came to […]
September 25, 2018 at 9:45 am
[…] macOS High Sierra was a bit of a disaster for Apple. It was buggy and it also suffered from a very nasty and embarrassing bug that allowed anyone to gain root level access. The optics were not that good for Apple. Thus they had to bring something to the table that was […]
October 26, 2018 at 9:33 am
[…] out Apple because their ability to QA their software was so horrific, that macOS shipped with an extremely dangerous flaw that somehow was never caught by their QA department. Apple has yet to fully recover from that as […]
January 29, 2019 at 6:51 am
[…] as you could have used this exploit without the other person’s knowledge. And this is another major security issue that Apple has had to rush to deal with. Not to mention that their QA team which clearly […]
February 7, 2019 at 11:06 am
[…] This is easily the biggest and most serious bug that Apple has had to deal with. At least since the Root access bug. At least in that situation, Apple owned responsibility quickly and pushed out a software update to […]
March 11, 2019 at 9:01 am
[…] example #BatteryGate, #KeyboardGate, #StainGate, or #FlexGate. Not to mention software issues like their epic security #fail that allowed anyone get into a macOS computer and do whatever they want. Or the more recent epic FaceTime bug that allowed you to eavesdrop on conversations. Now […]
August 20, 2019 at 8:54 am
[…] of years now that Apple’s QA is an #EpicFail as we’ve seen example after example after example of high profile bugs with significant security impacts make it into the hands of the public. And […]
May 28, 2020 at 12:32 pm
[…] forcing software updates on their users. But Apple does have the ability to do that. For example, when a serious root level exploit surfaced a few years ago, Apple forced a fix onto those who didn’t instantly apply said fix when it was released the […]