Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Security Awareness
macOS High Sierra bug allows Admin access without password
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="cwa107" data-source="post: 1778639" data-attributes="member: 24098"><p>Also, we have a tendency to dismiss flaws like this by saying "...but it requires local access". Actually, in this case, it doesn't... all I need to do is develop a compelling trojan that gets the user to execute. From there, I can make my malware run in the context of root and completely own the system. If a crafty hacker hasn't taken advantage of this yet (it's been at least 12-14 hours since this hit mass media), I'd be amazed.</p><p></p><p>Why hasn't Apple released an immediate patch that sets the root password (at the very least)? Their lack of action indicates a severe cultural problem at Apple surrounding security.</p></blockquote><p></p>
[QUOTE="cwa107, post: 1778639, member: 24098"] Also, we have a tendency to dismiss flaws like this by saying "...but it requires local access". Actually, in this case, it doesn't... all I need to do is develop a compelling trojan that gets the user to execute. From there, I can make my malware run in the context of root and completely own the system. If a crafty hacker hasn't taken advantage of this yet (it's been at least 12-14 hours since this hit mass media), I'd be amazed. Why hasn't Apple released an immediate patch that sets the root password (at the very least)? Their lack of action indicates a severe cultural problem at Apple surrounding security. [/QUOTE]
Verification
Name this item. 🍎
Post reply
Forums
General Discussions
Security Awareness
macOS High Sierra bug allows Admin access without password
Top
