Apple fixes root password bug: ‘Install this update as soon as possible’

Well, to their credit, it didn’t take Apple long to fix their horrendous bug that allowed anyone to log into computers running macOS High Sierra with admin rights, without needing to know a password.
The security update – which Apple advises should be installed “as soon as possible” – is being pushed out via the Mac App Store.

Here is how Apple is describing the vulnerability:
Directory Utility
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872
To install the security update, simply open the Mac App Store and click on the “Updates” tab. All you have to do then is click on “Update”, and you’ll be sorted.
Kudos to Apple for readying a fix so quickly, but a security hole as big as this should never have got past quality control in the first place.
For more discussion on this topic, be sure to listen to this episode of the Smashing Security podcast: