Apple Rushes to Fix MacOS High Sierra All Access Bug

Apple shipped its latest desktop operating system, High Sierra, with a massive vulnerability that allows anyone with access to the login screen, and without knowing a password, to log in as “root,” the built-in account that has access to all files on the computer.
Lemi Orhan Ergin, an Agile software developer at a company called Iyzico, described the vulnerability on Tuesday in a tweet that has been widely retweeted.
“Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as ‘root’ with empty password after clicking on login button several times,” he said.
Others, including developer Mike Myers, have since found a Nov. 13 post on Apple’s developer forums that describes the same bug.
Perhaps nobody noticed two weeks ago when the root login vulnerability in macOS High Sierra was shared as a helpful tip on Apple’s own Developer forums. https://t.co/P44gEId25d pic.twitter.com/sOiRt8j2X7— Mike Myers (@fristle) November 29, 2017
Apple says in a statement: “We are working on a software update to address this issue.”
The Root of the Problem
A root account is the most powerful account on a computer because it has access to all files, says Patrick Wardle, who’s the chief security researcher with crowdsourced security firm Synack as well as a former NSA analyst. That’s why many security experts recommend never using root accounts, except in cases where machines must be administered. Many organizations that issue computers to employees will not give them root access to the system, instead reserving such access only for IT support teams.
Gaining access to a root account makes life easier for any attacker. For example, they could easily install a keylogger or other malware on the computer. That’s why malware programs designed for MacOS often try to trick users into divulging passwords to get root access, Wardle says.
“With this privilege, you can pretty much do anything,” he says.
[Image tweeted by patrick wardle (@patrickwardle), November 28, 2017: pic.twitter.com/4TBh5NetIS]
This latest authentication bug in MacOS adds to other worrying authentication-related findings in High Sierra by independent security researchers. Wardle says that brings into question whether Apple’s quality assurance processes have slipped.
“I’m coming to think there really isn’t a QA process,” says Wardle, who has reported many bugs to Apple and has a good relationship with its security team. “I don’t mean that in a negative way. I’m not trying to personally attack Apple.”
It’s surprising that Apple, which is one of the more privacy-focused and security-aware companies, didn’t catch the bug before High Sierra shipped, says Chris Pierson, chief security officer and general counsel for payment services firm Viewpost. “It is imperative for all of us in cybersecurity to slow down and be more precise in our mastery of secure products before they hit the market,” he says.
Keys to the Kingdom
On vulnerable MacOS systems, there are several ways to trigger the bug and gain root. One is to type “root” as the username in the “Other” field on the login screen. The user is then prompted for a password, at which point they can enter anything, or nothing at all, and click the login button.
The first attempt appears to fail and the authentication window appears a second time; whatever was entered before, even if the field was left blank, then unlocks the root account. The same method works from System Preferences: open Users & Groups and click the lock icon, which displays an authentication window. The root account can also be reached from the Terminal.
Wardle says that in previous versions of MacOS, the root account is disabled by default. To use it, a user would first be asked for the system password before being granted access to root. For some reason, that protection no longer works in High Sierra.
The bug can also be exploited remotely. In one scenario, if the targeted computer allows remote connections, the attacker can choose in a dialog box to log in as root and do the same trick, Wardle says.
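The following Python model is an added illustration, not part of the original article and not Apple’s code. It reproduces the two-attempt behaviour described above and places a hardened verifier beside the flawed one. The mechanism it assumes is a modelling assumption, not something the article establishes: that the first attempt against a disabled account with no stored credential writes the supplied password (even an empty one) as the account’s new credential and reports failure, so the second attempt with the same entry matches. The account record, the hashing scheme and every function name are invented for the example.

```python
"""Simplified model of a two-attempt root login flaw and its hardened form.

Added example, not Apple's code. The 'upgrade on first attempt' behaviour of
vulnerable_authenticate() is an assumption used to model what the article
describes (first attempt fails, second attempt with the same entry succeeds).
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


@dataclass
class Account:
    """Hypothetical directory record: a disabled 'root' has no stored credential."""
    name: str
    enabled: bool = True
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    pw_hash: Optional[bytes] = None  # None means no credential has ever been set

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.pw_hash = _derive(password, self.salt)


def vulnerable_authenticate(acct: Account, password: str) -> bool:
    """Flawed flow (modelling assumption).

    A record with no stored hash is treated as needing a credential 'upgrade':
    the supplied password is persisted as the new credential and this attempt
    is rejected. The enabled flag is never consulted, so the next attempt with
    the same (possibly empty) password succeeds.
    """
    if acct.pw_hash is None:
        acct.set_password(password)  # bug: attacker-chosen credential written on failure
        return False                 # the first click appears to fail
    return hmac.compare_digest(acct.pw_hash, _derive(password, acct.salt))


def hardened_authenticate(acct: Account, password: str) -> bool:
    """Fixed flow: a disabled account never authenticates, and a failed
    attempt never mutates stored state."""
    if not acct.enabled or acct.pw_hash is None:
        return False
    return hmac.compare_digest(acct.pw_hash, _derive(password, acct.salt))


def demo_vulnerable() -> List[bool]:
    """Two empty-password attempts against disabled root: [False, True]."""
    root = Account("root", enabled=False)
    return [vulnerable_authenticate(root, "") for _ in range(2)]


def demo_hardened() -> List[bool]:
    """Same attempts against the hardened verifier: [False, False]."""
    root = Account("root", enabled=False)
    return [hardened_authenticate(root, "") for _ in range(2)]


def demo_interim_mitigation() -> Tuple[bool, bool]:
    """Setting a root password, as the article recommends pending a patch,
    closes the hole even with the flawed verifier still in place:
    (empty password rejected, real password accepted)."""
    root = Account("root", enabled=False)
    root.set_password("correct horse battery staple")  # constructed sample passphrase
    empty_ok = vulnerable_authenticate(root, "")
    real_ok = vulnerable_authenticate(root, "correct horse battery staple")
    return empty_ok, real_ok


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("hardened:  ", demo_hardened())
    print("mitigated: ", demo_interim_mitigation())
```

The two properties worth carrying away from the model are independent: a verifier must refuse disabled accounts outright, and a failed authentication attempt must never write a credential. Either check alone closes the two-attempt path; the interim mitigation works only because it removes the “no stored credential” state the flaw depends on, which is why it is a stopgap rather than a fix.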
How to Mitigate the Bug, Pending Apple’s Fix
Apple’s mistake is easy to fix and takes just a couple of lines of code, Wardle says. But until a patch is distributed, users should set a password on the root account, which will thwart any attempt to take advantage of the bug.
Developer Chethan Kamath, writing under the username chethan17, posted a temporary workaround for the High Sierra password flaw, pending a patch from Apple.
String of Authentication Slip-Ups
More broadly, Wardle says he’s been surprised at Apple’s slip-ups. Just prior to the release of High Sierra to the public on Oct. 31, Wardle found a major issue within Apple’s password manager, which is called the Keychain (see Beware: Apple’s Password Manager Has a Zero-Day Flaw).
Keychain is an encrypted container that stores a variety of authentication credentials for disk images, WiFi networks and other data, such as credit card numbers and banking PINs.
Wardle wrote proof-of-concept code that pulls those credentials in plain text without entering the system password, which is usually required to access Keychain data. A victim would have to be logged in for the attack to work. Apple has patched the bug.
The company also had to fix an issue found by Mathews Mariano of Leet Tech, which involved encrypted containers that used Apple’s latest file system, APFS. The password for an encrypted container was revealed if someone clicked to get a hint for it.