Major Apple security flaw grants admin access on macOS High Sierra without password

科技动态 2017-11-29 阅读原文

There seems to be a major flaw in Apple’s macOS High Sierra operating system that allows anyone to log into a machine and gain system administrator access without so much as entering a password. The vulnerability has been publicly disclosed on Twitter; it’s not clear whether the problem was privately reported to Apple ahead of time, which is the encouraged practice when security vulnerabilities are uncovered. (The company maintains an invite-only bug bounty program
.) Despite its incredibly alarming simplicity, The Verge
is not reproducing the steps here.

However, The Verge
has been able to confirm the major security issue remains present as of MacOS 10.13.1, the current release of High Sierra. When the problem is exploited, the user is authenticated into a “System Administrator” account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine. Apple ID email addresses tied to users on the Mac can be removed and altered, as well.

The level of unbridled access this security hole permits — and it abruptly being made public — will almost certainly prompt Apple to move fast in releasing an update for its Mac operating system.

The Verge

责编内容by:The Verge阅读原文】。感谢您的支持!

您可能感兴趣的

NBN Co says Internode has not made contact over us... NBN Co, the company rolling out Australia's national broadband network, the NBN, says it has not been approached by A...
苹果被迫降低App Store收费比例?这波血亏... 如果苹果被迫大幅下调 App Store 的佣金率,可能会损失 160 亿美元的利润。 本周有报道称,苹果的 App Store 可能会失去其收入最高的应用之一,因为 Netflix 正试图绕过 iTunes 的收费系统。一位分...
BroCon is coming: 10-12 Oct 2018 Arlington VA Do you know Bro? If you work in the network security world you most likely do. Bro is an open-source network security mo...
Infosys gets Australian Open gig as IBM given the ... Tennis Australia's technology needs for the Australian Open in 2019, and for the next two years thereafter, will be prov...
Essential Phone Gets November Security Patch, Supp... Essential , always timely with its updates, is pushing out the newly released November security patch t...