Updated A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.
The security bug can be triggered via the authentication dialog box in Apple’s operating system, which prompts you for an administrator’s username and password when you need to do stuff like configure privacy and network settings.
If you type in “root” as the username, leave the password box blank, hit “enter” and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen.
The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended, nor allow remote desktop access, until you can fix the problem.

And while obviously this situation is not the end of the world – it’s certainly far from a remote hole or a disk decryption technique – it’s just really, really sad to see megabucks Apple drop the ball like this.
第三方商业软件安全问题严重,开源软件却做得很好,组织的IT管理层也应评估一下新的战略选择,来更好更安全地满足业务的应用系统需求。
Developer Lemi Orhan Ergan alerted the world to the flaw via Twitter in the past hour or so:
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use “root” with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
个人电脑安全基础操作指南
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
You can login this way as well. It’s 2017. Intentional backdoor.
— Earle Ady (@earle) November 28, 2017
It gets worse. You can use this programming blunder to disable FileVault…
oh god this actually works and it lets you do everything like turn off FileVault, well done Apple. pic.twitter.com/vQAqEK39Vk
— Jon (@jonp__) November 28, 2017
But there is a workaround for now. If you have configured a root password, the above blank password trick will not work. So, set a root password right now…
Everyone with a Mac needs to set a root password NOW.
As a user with admin access, type the following command from the Terminal.
sudo passwd -u root
Enter your password then a new password for the root user.
Anyone got a better fix?@SwiftOnSecurity @rotophonic @pwnallthethings
— colourmeamused (@colourmeamused_) November 28, 2017
El Reg was able to replay the bug on our office Macs running High Sierra, which was released in September. A spokesperson for Apple was not immediately available for comment. Apparently, it’s all due to the operating system accidentally creating a blank root account:
Thanks. We’ve confirmed this on 2 Macs & are writing it up. Procedure creates new Root account, no password, runs root commands w/o sudo.
— Paul Wagenseil (@snd_wagenseil) November 28, 2017
This is not the password-less future we all had in mind.
— Mike Hanley (@mhanley_duo) November 28, 2017
Chalk this up as just the latest embarrassing flaw in Apple’s newest flavor of macOS, the OS formerly known as OS X. In October, fans noted that High Sierra would also do things like disclose the password for encrypted drives, and cough up account credentials to untrusted applications.
Earlier builds of the OS also had a habit of ruining the hard drives in iMacs, and rendering kernel-level security protections effectively useless, thanks to buggy code implementations.
Let’s hope Apple engineers can do a bit better with next year’s release, or we may all be left hoping for that iOS to Mac conversion sooner than later. We’ll update this article as and when new information arrives. The latest High Sierra beta release is not affected, apparently. ®
Updated to add
Apple has just now published this handy guide to enabling the root account and setting a password for it, which defeats the above exploit. Setting a password and then disabling root may also work for you: in any case, set a password for the root account.
And to reiterate, watch out if you have remote desktop access switched on for your Mac – VNC, RDP, screen sharing and similar can be used to gain admin rights on your computer via this vulnerability. So set a root password for now, and don’t forget it.
Apple is working on a software patch to correct the issue – which is good news because the bug can be triggered via the command line and not just the interactive GUI. This means malware and naughty apps can now automatically and silently grab root privileges on High Sierra Macs, allowing them to cause real damage.
$ osascript -e ‘do shell script “id” with administrator privileges user name “root” password “”‘
uid=0(root) gid=0(wheel) egid=20(staff) groups=0(wheel) [..]
— Valerio Mulas (@drakkars) November 28, 2017
利用相关热点新闻事件的诈骗份子可会好好利用灾难时机,组织在这个时候要加强员工计算机安全意识的培训,不要点击那些猎奇的小道消息来源链接及附件。

猜您喜欢

沪青少年网络安全学习有望融入课程 超8成青少年曾遇不良信息
网络安全宣传之电信诈骗防范
Cyber Security Law 网络安全法宣传视频《网络安全法》背景知识
白宫新装迎圣诞
MATRIMONYSEARCH THELOTTER
解读“电信和互联网用户个人信息保护规定”