macOS Bug Allows Root Access Without Password

DaveyH · ‎15-11-2012

Really?! Apple?!

https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/

Alex · ‎05-04-2007

It's in the news now.

MacOS is based on UNIX, and root is the admin account. So they've overlooked the fact you can log in as admin with no password. Ooohh dear

Sure that will be patched pretty quickly.

EDIT: Now it is made public hopefully pretty soon before the writers/malware writers take advantage of it. I haven't updated my Mac software for a while but I guess I should soon.

JayG · ‎30-10-2011

Registering, logging on, authentication, verification and so on can be sooo time consuming and irritating - congratulations to Apple for showing just how easy it can be (for everyone!)

DaveyH · ‎15-11-2012

Apple have now released a patch

https://techcrunch.com/2017/11/29/aws-announces-two-new-ec2-instance-types/

https://www.macrumors.com/2017/11/29/apple-fixes-root-password-bug-security-update/

VileReynard · ‎01-09-2007

Based on the premise that Apple borrowed Unix code;

What happens if a non-admin user enters

sudo passwd root

(and then enters a very weak password)?

"In The Beginning Was The Word, And The Word Was Aardvark."

Anonymous · ‎30-11-2017

Apple update sorted the problem for my iMacs early this morning...

http://www.techradar.com/news/macos-high-sierra-security-flaw-gives-anyone-full-admin-access-no-pass...

https://support.apple.com/en-gb/HT201222

DaveyH · ‎15-11-2012

They managed to introduce a bug that broke file sharing with that fix, so have had to release a revised version of the patch

https://www.macrumors.com/2017/11/29/apple-macos-high-sierra-file-sharing-fix/

VileReynard · ‎01-09-2007

Has the fix to the fix broken anything?

Have Apple heard of QA?

"In The Beginning Was The Word, And The Word Was Aardvark."

Anonymous · ‎30-11-2017

@DaveyH wrote:

They managed to introduce a bug that broke file sharing with that fix, so have had to release a revised version of the patch

https://www.macrumors.com/2017/11/29/apple-macos-high-sierra-file-sharing-fix/

The fix for the fix !!!

Thus:

Open the Terminal app, which is in the Utilities folder of your Applications folder.

Type sudo /usr/libexec/configureLocalKDC and press Return.

Enter your administrator password and press Return.

Quit the Terminal app.

Anonymous · ‎30-11-2017

Apple moved quickly to address the issue, releasing a patch in less than 24 hours and automatically pushing it to users' Macs, although the initial update for the fix also broke file sharing for some users.

Apple shared instructions on how to fix that issue, and it appears the security update has been revised to prevent that problem from happening in the first place.

Anonymous · ‎01-12-2017

Even though I manually installed the Security Update earlier, overnight Apple automatically also installed the update, so presumably also to all Apple users....

RPMozley · ‎04-11-2011

Not all, only those on High Sierra, but I know what you mean.

Just as well I haven't updated passed Mavericks, on external drive. My main drive is still on Snow Leopard, mainly to keep compatibility with old applications and Rosetta PPC emulation.

That's RPM to you!!

Anonymous · ‎01-12-2017

@RPMozley wrote:
Not all, only those on High Sierra, but I know what you mean.

I'm glad someone does !!

Alex · ‎05-04-2007

Reminds me of my old company.

We had local SQL Servers and the 'sa' account (admin account for people who don't know SQL ), was blank.

A virus got round the network and was using that exploit to spread. So we had to set passwords on sa.

I this was was before the SP xp_cmdshell was restricted and now disabled by default. But basically it allowed an executable to be run.

So obviously, dump a dodgy .exe somewhere, login in as sa (blank) xp_cmdshell dodgy.exe