Apple Patches Critical Root Access Flaw in macOS

Apple has released a security update for macOS High Sierra in an effort to patch a critical authentication bypass vulnerability that can be easily exploited to gain root access to a system.
The flaw was first mentioned on the Apple developer forums on November 13 by a user who was helping others work around a macOS issue in which all of their admin accounts had been downgraded to regular accounts after updating to High Sierra. However, Apple apparently only learned of the bug on Tuesday, after a Turkish web developer sent a tweet to Apple Support and the press started covering the issue.
Within 24 hours of the tweet, Apple announced that High Sierra has been updated to version 10.13.1 to address the vulnerability, which the company tracks as CVE-2017-13872.
Apple has described the flaw as a logic error in the validation of credentials. “An attacker may be able to bypass administrator authentication without supplying the administrator’s password,” the company said in its advisory.
According to the tech giant, the vulnerability does not affect macOS Sierra 10.12.6 and earlier versions of the operating system.
CVE-2017-13872 can be easily exploited. Access “System Preferences” from the Apple menu and click on any of the categories that require administrator privileges in order to make changes (e.g. Security & Privacy, Users & Groups, Parental Controls). Then click on the lock icon in the bottom left corner of the window and enter the username “root” with any password when prompted. The Enter key or the Unlock button must be hit twice.
Initial reports suggested that the exploit worked by entering the username “root” with a blank password. However, researcher Tom Ervin clarified that the attack works with any password. The password entered becomes the password for the root account, and if the field is left blank there will be no password on the root account.

It’s worth noting that the attack is possible only if the root account has not been enabled and a password has not been set for it – Apple has deactivated the root account by default.
Experts pointed out that the attack can also be executed remotely if sharing services are enabled. Ervin has published a video demonstrating a remote attack.
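Since the bypass only applies while the root account is disabled with no password set, an administrator's first question is whether that condition holds on a given Mac. The script below is an added example written for this article, not code from Apple or from the researchers named here. It reads the local root record with `dscl` (a real macOS tool) on a live system and, so the parsing logic can be exercised anywhere, also runs the same check over two constructed sample records. The assumption, labelled in the comments, is that a root account enabled with a password carries an `AuthenticationAuthority` attribute containing `ShadowHash`, while a disabled root account has no such attribute.

```shell
#!/bin/sh
# Added example: check whether the local root account has a password set,
# which is the condition under which the article says the bypass does not apply.
# Not part of the original article or of any Apple tooling.

# Assumption: a root account that has been enabled with a password carries an
# "AuthenticationAuthority" attribute whose value includes "ShadowHash"; a
# disabled root account (the macOS default) has no such attribute at all.
# Returns 0 when the record text shows a password is set, 1 otherwise.
root_record_has_password() {
    record="$1"
    case "$record" in
        *AuthenticationAuthority*ShadowHash*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample resembling a default install: no AuthenticationAuthority key.
SAMPLE_ROOT_DISABLED='RecordName: root
UniqueID: 0
PrimaryGroupID: 0
UserShell: /bin/sh'

# Constructed sample for a root account enabled with a password (hash elided).
SAMPLE_ROOT_ENABLED='RecordName: root
UniqueID: 0
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
UserShell: /bin/sh'

# Prints a verdict for the sample records (runs anywhere, no macOS needed).
check_samples() {
    if root_record_has_password "$SAMPLE_ROOT_DISABLED"; then
        echo "sample (disabled root): password set"
    else
        echo "sample (disabled root): NO password set, root account is disabled"
    fi
    if root_record_has_password "$SAMPLE_ROOT_ENABLED"; then
        echo "sample (enabled root): password set"
    else
        echo "sample (enabled root): NO password set"
    fi
}

# On a Mac, read the real root record through Directory Services and report.
check_live_system() {
    if command -v dscl >/dev/null 2>&1; then
        live_record=$(dscl . -read /Users/root 2>/dev/null || true)
        if root_record_has_password "$live_record"; then
            echo "live system: root account has a password set"
        else
            echo "live system: root account has no password set (disabled)"
        fi
    else
        echo "live system: dscl not found, not a macOS host; skipping"
    fi
}

check_samples
check_live_system
```

On a macOS host the second half of the output reflects the real root record; elsewhere only the constructed samples are evaluated. The check is deliberately conservative: it treats any root record without a `ShadowHash` authority as "no password set", which is the state the article describes as exposed.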