Major Apple security flaw grants admin access on macOS High Sierra without password

Tech News, 2017-11-29

There seems to be a major flaw in Apple’s macOS High Sierra operating system that allows anyone to log into a machine and gain system administrator access without so much as entering a password. The vulnerability has been publicly disclosed on Twitter; it’s not clear whether the problem was privately reported to Apple ahead of time, which is the encouraged practice when security vulnerabilities are uncovered. (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps here.

However, The Verge has been able to confirm the major security issue remains present as of macOS 10.13.1, the current release of High Sierra. When the problem is exploited, the user is authenticated into a “System Administrator” account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine. Apple ID email addresses tied to users on the Mac can be removed and altered, as well.

The level of unbridled access this security hole permits — and it abruptly being made public — will almost certainly prompt Apple to move fast in releasing an update for its Mac operating system.

Source: The Verge
