bug   17952

Objective-See
Details the bug where you could log in with root simply by hitting enter twice on the password field on a Mac with no root set up
apple  bug  security  macos  analysis 
4 days ago by cocoasamurai
Apple Patches MacOS High Sierra Login Vulnerability - SecureMac
“Is Apple getting sloppy?”
That was the headline of a BBC article published on Wednesday, November 29th, 2017, reporting the discovery of a major security issue in Apple’s MacOS High Sierra operating system. It seems that a bug within the OS made it possible for anyone to access a High Sierra computer by exploiting a simple login loophole.
Usually, when you log in as a user on a Mac, you must enter your username and password. On machines running High Sierra, though, it was possible to enter “root” as the username, leave the password field blank, and then click the login button several times in succession. This process allowed someone to access a Mac computer running High Sierra – even if they didn’t have an actual username or password – and worse yet, as root!
The vulnerability garnered global attention on Tuesday, November 28th, when software developer Lemi Orhan Ergin tweeted a message to Apple Support to report the problem. Apple quickly responded to Ergin’s tweet and set to work developing a patch to fix the issue.
0day  10.13  bug  macOS  passwords  privacy  root  security 
6 days ago by rgl7194
Updating macOS can bring back the nasty “root” security bug | Ars Technica
The security fix was rolled back when users updated to macOS 10.13.1.
The serious and surprising root security bug in macOS High Sierra is back for some users, shortly after Apple declared it fixed. Users who had not installed macOS 10.13.1 (and thus were running a prior version of the OS when they received the security update) found that installing 10.13.1 resurfaced the bug, according to a report from Wired.
For these users, the security update can be installed again (in fact, it would be automatically installed at some point) after updating to the new version of the operating system. However, the bug is not fixed in that case until the user reboots the computer. Many users do not reboot their computers for days or even weeks at a time, and Apple's support documentation did not, at first, inform users that they needed to reboot. So some people may have been left vulnerable without realizing it. The documentation has been updated with the reboot step now.
0day  10.13  bug  macOS  passwords  privacy  root  security 
6 days ago by rgl7194
Apple iOS 11 security 'downgrade' decried as 'horror show' • The Register
Ability to reset iTunes Backup passwords unravels layered protection, claims researcher
apple  ios  bug  security 
7 days ago by jchris
