Good Sam Community

magicbus · ‎Nov-29-2017

Anyone Can Hack MacOS High Sierra Just by Typing "Root"

Dave

Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

wnjj · ‎Dec-01-2017

MNGeeks61 wrote:
Anyone who doesn't immediately change a blank/default admin password...well, seems silly.

anyone here remember MS Sql's blank password issue? 🙂

Did the OS prompt them to change it? I'd venture to guess most of their users never heard of root.

MNGeeks61 · ‎Dec-01-2017

Anyone who doesn't immediately change a blank/default admin password...well, seems silly.

anyone here remember MS Sql's blank password issue? 🙂

OldF__t · ‎Nov-30-2017

Apple provided a security update fix for this yesterday. Unfortunately the update has a bug for some users pertaining to file sharing that requires a terminal command to fix.

Jim
2021 Grand Design 303RLS
2019 Ford F350 DRW LB CC

ljr · ‎Nov-30-2017

bwanshoom wrote:
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.
From what I've read, the issue occurs even if you have not explicitly enabled root login. That's part of the problem - the OS is seemingly enabling the root account to check the password and that's why when you try the login with a blank password you have to try it twice.

I’ll take your word for it. The two Macs I could access before I applied the fix have root passwords assigned so I can’t try it.

Larry

2012Coleman · ‎Nov-30-2017

bwanshoom wrote:
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.
From what I've read, the issue occurs even if you have not explicitly enabled root login. That's part of the problem - the OS is seemingly enabling the root account to check the password and that's why when you try the login with a blank password you have to try it twice.

Very True - the current reported OS bug bypasses the fact that root is disabled. You simply have to try more than once.

If you have a computer running macOS High Sierra, you can address this immediately by assigning a password to “root” so that unauthorized parties who might attempt to exploit the flaw won’t be able to login in without it. To do this, simply open the “Directory Utility” app and click the “Edit” dropdown menu in the toolbar. You can then click on the “Change Root Password” entry to enter a new password.

I'd have a password for root regardless of any patch.

Experience without good judgment is worthless; good judgment without experience is still good judgment!

2018 RAM 3500 Big Horn CTD
2018 Grand Design Reflection 303RLS

bwanshoom · ‎Nov-30-2017

ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.

From what I've read, the issue occurs even if you have not explicitly enabled root login. That's part of the problem - the OS is seemingly enabling the root account to check the password and that's why when you try the login with a blank password you have to try it twice.

2010 Cougar 322 QBS
2008 Chevy Silverado 2500HD LMM CC/SB 4x4 LTZ
Pullrite SuperGlide 18K

ljr · ‎Nov-29-2017

magicbus wrote:
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.

Speaking as a Unix weenie and developer, I can't help but wonder how many of the millions of Mac owner's in the world have a clue what this means. I don't think Apple wants their customer base to have to know or care.

Dave

Speaking as another unix weenie (ret), you’re right. Anybody that knows what root is and how to enable it is probably safe anyway.

The moral of the story is that if you don’t know what we’re talking about you probably don’t need to be concerned about this. You’d have no reason to do the things that would put you at risk.

Larry

magicbus · ‎Nov-29-2017

ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.

Speaking as a Unix weenie and developer, I can't help but wonder how many of the millions of Mac owner's in the world have a clue what this means. I don't think Apple wants their customer base to have to know or care.

Dave

Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

ljr · ‎Nov-29-2017

It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.

Larry

1492 · ‎Nov-29-2017

We were just talking about this today in our enterprise security meeting. Didn't effect our organization as High Sierra has not yet been approved as an OS upgrade. Only five isolated test Macs are running it. Though a pretty big oversight by Apple?

I refrain from upgrading my personal Macs until it passes our enterprise security testing.

Mortimer_Brewst · ‎Nov-29-2017

Apple has released an update.

If ethics are poor at the top, that behavior is copied down through the organization - Robert Noyce

2018 Chevy Silverado 3500 SRW Duramax
2019 Coachmen Chaparral 298RLS

Campfire_Time · ‎Nov-29-2017

GordonThree wrote:
In summary, this is a physical, local only attack. Don't leave your Mac someplace where unauthorized use could occur.

Don't be too comfortable with that notion. The fix is simple though and should be done regardless. Read on...

https://krebsonsecurity.com/2017/11/macos-high-sierra-users-change-root-password-now/

Chuck D.
“Adventure is just bad planning.” - Roald Amundsen
2013 Jayco X20E Hybrid
2016 Chevy Silverado Crew Cab Z71 LTZ2
2008 GMC Sierra SLE1 Crew Cab Z71 (traded)

Irover · ‎Nov-29-2017

There is a way to stop this before Apple get readied a patch! Search and type "Mac OS Sierra root". there is a thread on what to do to do.

GordonThree · ‎Nov-29-2017

In summary, this is a physical, local only attack. Don't leave your Mac someplace where unauthorized use could occur.

2013 KZ Sportsmen Classic 200, 20 ft TT
2020 RAM 1500, 5.7 4x4, 8 speed

Good Sam Community

Security Flaw - Oops!