Yesterday I published a post on an embarrassing flaw affecting the macOS High Sierra, tracked as CVE-2017-13872, that that can be exploited to gain root access to a machine with no password.
The vulnerability is exploitable via the authentication dialog box in the Apple macOS High Sierra that asks for an administrator’s username and password when the user needs to do specific actions like configure privacy and network settings.
From the user login screen, if the user provides “root” as the username, leave the password box blank, hit “enter” and then click on unlock a few times, the prompt disappears and he gains admin rights.
Initial reports suggested that the exploit works by entering the username “root” with a blank password, but the expert Tom Ervin discovered that it works with any password.
The attack scenario needs physical access to the machine to log in, once inside the attacker can perform several malicious activities such as install a malware.
Even if the flaw was first reported on Apple developer forums on November 13 by a user, Apple only learned of it on Tuesday when the web developed Lemi Orhan Ergin tweeted about it.
The flaw affects macOS High Sierra 10.13 and macOS High Sierra 10.13.1, it doesn’t impact macOS Sierra 10.12.6 and earlier.
Just 24 hours later, Apple announced the availability of a security update for macOS High Sierra that addresses the issue.
“An attacker may be able to bypass administrator authentication without supplying the administrator’s password,” the company said in its advisory.
“A logic error existed in the validation of credentials. This was addressed with improved credential validation.”
Experts noticed that If they have a root account enabled and a password for it set, the trick will not work, for this reason Apple has deactivated the root account by default.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – macOS High Sierra, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Cellcom, a regional wireless carrier based in Wisconsin (US), announced that a cyberattack is the…
Cryptocurrency exchange Coinbase announced that the recent data breach exposed data belonging to 69,461 individuals.…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output…
A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have…
South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April…
A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due…
This website uses cookies.
