OT: Potentially major security issue with Mac High Sierra 10.13.1 (17B48)
Peter Fulford
If you have the latest Mac OS installed, don't leave your computer unattended. A (physically present) third party can take control very easily.
https://techcrunch.com/2017/11/28/astonishing-os-x-bug-lets-anyone-log-into-a-high-sierra-machine/
This is for High Sierra 10.13.1 (17B48). Look out for a forthcoming patch and take care in the meantime.
Comments
This made me laugh so hard when I heard about it. Who sets an OS up so that a root account automatically gets created the first time someone tries to use it? How does that happen by accident?
It happens when your team is testing the thing, and you don't want to be bothered with security hurdles every time you restart so you put in a shortcut... then forget to take it out when you publish the thing.
Just tested on 10.13.1 and nope, it doesn't work to enter root to bypass authentication dialogs, as shown in the clip in the post.
Edit: I tested multiple times, and reading the comments, several have the same experience, so my question is: "Was root/<blank> already there when he started to test and what installer/malware did that?"
It doesn't work if you have a root account already set up.
I just tried it on my iMac (reinstalled from scratch a week ago), and it DID work!
I'll bet someone at Apple just got fired!
Ah, OK, that's "bad". I did look more into it and as "agent unawares" said it requires an unset root account. I think the issue is that when you have developer tools installed you most probably have a root account set up, so no beta testers (they all have Xcode) or devs ever saw this.
Then if you did it, you need to set a pwd on root ASAP or you're open to attacks.
Yeah, I had Xcode on the old install, but I haven't installed any dev tools on the rebuild. And yes, root now has a password!
Just tested on 10.12.6 and it doesn't seem to be an issue, glad I haven't updated in a couple months.
I've seen it demonstrated. (I'm on Windows, but our Director of Technology was showing off how easy/bad it is.) And I've seen it used to provide authentication for installers. I'm guessing a hotfix will be coming REALLY DAMN FAST.
In the meantime, keep your High Sierra 10.13.1 machine safe.
Apple already released a fix for it earlier today.
Ciao
TD
under the heading "Install this update as soon as possible"!