Major Apple security flaw grants admin access on macOS High Sierra without password

科技动态 2017-11-29

There seems to be a major flaw in Apple’s macOS High Sierra operating system that allows anyone to log into a machine and gain system administrator access without so much as entering a password. The vulnerability has been publicly disclosed on Twitter; it’s not clear whether the problem was privately reported to Apple ahead of time, which is the encouraged practice when security vulnerabilities are uncovered. (The company maintains an invite-only bug bounty program
.) Despite its incredibly alarming simplicity, The Verge
is not reproducing the steps here.

However, The Verge
has been able to confirm the major security issue remains present as of MacOS 10.13.1, the current release of High Sierra. When the problem is exploited, the user is authenticated into a “System Administrator” account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine. Apple ID email addresses tied to users on the Mac can be removed and altered, as well.

The level of unbridled access this security hole permits — and it abruptly being made public — will almost certainly prompt Apple to move fast in releasing an update for its Mac operating system.

The Verge

责编内容by:The Verge (源链)。感谢您的支持!

您可能感兴趣的

科技巨头为何能与中国大数据公司实现“携手并进”?... 原标题:科技巨头为何能与中国大数据公司实现“携手并进”? 7月12日,贵州省政府与苹果公司签订了《贵州省人民政府 苹果公司iCloud(苹果公司提供的云端服...
Blockchain: the Solution to the Financial World’s ... The discussion about digital currency is admittedly a strained one. While advoc...
GeekPwn 2018: So you think you can fool AI? Editor’s note: This article was supported by GeekPwn . We believe in trans...
苹果ARKit和iMac升级将推动AR/VR发展 未来 6 到 18 个月内,虚拟现实市场将进一步受到刺激。 从 iOS 11 的发布以及更强大的 Mac 硬件的到来,我们可以看出苹果公司今年...
Need a Business Plan Template? Here Is Apple’... Business plans are often composed of four parts. There is typically an ex...