MacOS gives users full admin rights without password

By

Set a root password to prevent unauthorised access.

Apple’s macOS High Sierra operating system contains an easily exploitable vulnerability that enables the root superuser account without a password, giving attackers full access to all parts of Mac computers.

MacOS gives users full admin rights without password

The issue was made public by software developer Lemi Orhan Ergin, who demonstrated the flaw and reported it to Apple's tech support account.

iTnews was able to replicate the flaw and access a Mac without a password as the root superuser from the main log in screen.

Even when it's not possible to enter a user name at the main macOS login screen, the flaw can be exploited via the system preferences settings.

An attacker can for instance enter root as the username in the users and groups preferences setting, leaving the password field blank, and clicking on the unlock button.

After that, it's possible for an attacker to add new accounts with full administrative rights.

Attackers with root privileges could turn off macOS security features such as FileVault disk encryption, install malware, and copy and delete data.

Security researcher Patrick Wardle noted the flaw can also be exploited remotely if the target macOS system has resource sharing services enabled.

Attempting to log in creates the root account with a blank password, Wardle said. If the root account is disabled, logging in remotely re-enables it.

Despite suggestions that the flaw can be mitigated by disabling the computer's guest account, this will not work - it simply restarts the computer with Safari the only application running.

It is possible to mitigate against the flaw, however, by adding a password for the root user in the users and groups preferences pane.

Users can click on the login options button, then select the join network account server option.

In the dialog that pops up, click on open directory utility, and from the tool's menubar, select the edit item, and then change root password.

Disabling the root account in the open directory utility tool does not work, as the root account becomes re-enabled when entered into the user name field on login.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
applemacossecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?