Well, this isn't good. A bug in Apple macOS High Sierra can let anyone gain admin access to a Mac. To make matters worse, once that access has been gained, an attacker can later log back into the locked device anytime.
Published to Twitter on Tuesday by software engineer Lemi Orhan Ergin, the vulnerability is alarmingly straightforward. The flaw allows someone to create a kind of phantom profile, one that can log into the Mac with admin access, but it won't show up on a real admin account.
Once the phantom account is created, a user simply needs to enter "root" as a username and, without entering a password, hit enter to unlock. Importantly, the hacker first has to have access to an unlocked computer to be able to pull this off. But still, it's bad.
Mashable confirmed this security flaw exists on macOS High Sierra 10.13.0.
Anyone looking to exploit the flaw would in most cases first need physical access to the machine while an admin is logged in. They would only need access for a few seconds, though, and then could return anytime to log in as an admin.
However, should a vulnerable machine also happen to have screen sharing turned on, it is reportedly remotely vulnerable as well.
"We are working on a software update to address this issue," explained Apple when reached for comment. "In the meantime, setting a root password prevents unauthorized access to your Mac."
Instructions to do so can be found on an Apple support page.
This story has been updated with information about remote exploitation, as well as a statement from Apple.