cancel
Showing results for 
Search instead for 
Did you mean: 

Security Flaw - Oops!

magicbus
Explorer
Explorer
Anyone Can Hack MacOS High Sierra Just by Typing "Root"

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36
14 REPLIES 14

wnjj
Explorer II
Explorer II
MNGeeks61 wrote:
Anyone who doesn't immediately change a blank/default admin password...well, seems silly.

anyone here remember MS Sql's blank password issue? 🙂


Did the OS prompt them to change it? I'd venture to guess most of their users never heard of root.

MNGeeks61
Explorer
Explorer
Anyone who doesn't immediately change a blank/default admin password...well, seems silly.

anyone here remember MS Sql's blank password issue? 🙂

OldF__t
Explorer
Explorer
Apple provided a security update fix for this yesterday. Unfortunately the update has a bug for some users pertaining to file sharing that requires a terminal command to fix.
Jim
2021 Grand Design 303RLS
2019 Ford F350 DRW LB CC

ljr
Nomad
Nomad
bwanshoom wrote:
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.
From what I've read, the issue occurs even if you have not explicitly enabled root login. That's part of the problem - the OS is seemingly enabling the root account to check the password and that's why when you try the login with a blank password you have to try it twice.


I’ll take your word for it. The two Macs I could access before I applied the fix have root passwords assigned so I can’t try it.
Larry

2012Coleman
Explorer II
Explorer II
bwanshoom wrote:
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.
From what I've read, the issue occurs even if you have not explicitly enabled root login. That's part of the problem - the OS is seemingly enabling the root account to check the password and that's why when you try the login with a blank password you have to try it twice.
Very True - the current reported OS bug bypasses the fact that root is disabled. You simply have to try more than once.

If you have a computer running macOS High Sierra, you can address this immediately by assigning a password to “root” so that unauthorized parties who might attempt to exploit the flaw won’t be able to login in without it. To do this, simply open the “Directory Utility” app and click the “Edit” dropdown menu in the toolbar. You can then click on the “Change Root Password” entry to enter a new password.

I'd have a password for root regardless of any patch.
Experience without good judgment is worthless; good judgment without experience is still good judgment!

2018 RAM 3500 Big Horn CTD
2018 Grand Design Reflection 303RLS

bwanshoom
Explorer
Explorer
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.
From what I've read, the issue occurs even if you have not explicitly enabled root login. That's part of the problem - the OS is seemingly enabling the root account to check the password and that's why when you try the login with a blank password you have to try it twice.
2010 Cougar 322 QBS
2008 Chevy Silverado 2500HD LMM CC/SB 4x4 LTZ
Pullrite SuperGlide 18K

ljr
Nomad
Nomad
magicbus wrote:
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.

Speaking as a Unix weenie and developer, I can't help but wonder how many of the millions of Mac owner's in the world have a clue what this means. I don't think Apple wants their customer base to have to know or care.

Dave


Speaking as another unix weenie (ret), you’re right. Anybody that knows what root is and how to enable it is probably safe anyway.

The moral of the story is that if you don’t know what we’re talking about you probably don’t need to be concerned about this. You’d have no reason to do the things that would put you at risk.
Larry

magicbus
Explorer
Explorer
ljr wrote:
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.

Speaking as a Unix weenie and developer, I can't help but wonder how many of the millions of Mac owner's in the world have a clue what this means. I don't think Apple wants their customer base to have to know or care.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

ljr
Nomad
Nomad
It doesn’t matter unless you’ve enabled root login. “sudo” is a better tool for privileged access anyway.
Larry

1492
Moderator
Moderator
We were just talking about this today in our enterprise security meeting. Didn't effect our organization as High Sierra has not yet been approved as an OS upgrade. Only five isolated test Macs are running it. Though a pretty big oversight by Apple?

I refrain from upgrading my personal Macs until it passes our enterprise security testing.

Mortimer_Brewst
Explorer II
Explorer II
Apple has released an update.
If ethics are poor at the top, that behavior is copied down through the organization - Robert Noyce

2018 Chevy Silverado 3500 SRW Duramax
2019 Coachmen Chaparral 298RLS

Campfire_Time
Explorer
Explorer
GordonThree wrote:
In summary, this is a physical, local only attack. Don't leave your Mac someplace where unauthorized use could occur.


Don't be too comfortable with that notion. The fix is simple though and should be done regardless. Read on...

https://krebsonsecurity.com/2017/11/macos-high-sierra-users-change-root-password-now/
Chuck D.
“Adventure is just bad planning.” - Roald Amundsen
2013 Jayco X20E Hybrid
2016 Chevy Silverado Crew Cab Z71 LTZ2
2008 GMC Sierra SLE1 Crew Cab Z71 (traded)

Irover
Explorer
Explorer
There is a way to stop this before Apple get readied a patch! Search and type "Mac OS Sierra root". there is a thread on what to do to do.

GordonThree
Explorer
Explorer
In summary, this is a physical, local only attack. Don't leave your Mac someplace where unauthorized use could occur.
2013 KZ Sportsmen Classic 200, 20 ft TT
2020 RAM 1500, 5.7 4x4, 8 speed