Surprise, surprise! Security by obscurity fails Apple's MacOS

Lemi Orhan Ergin on Twitter:

macOS High Sierra security vulnerability discovered, here's how to set root password for fix

In the User Name field, enter root and leave the password field blank.

The bug is present in MacOS High Sierra 10.13.1, the current version released to users, and the macOS 10.13.2 beta that is still being tested. That is the full Unix root account, which has superuser privileges that enable it to see and modify any file in any account. Some users have reported triggering the exploit from the login screen, but we could only consistently recreate the issue from System Preferences. "Never mind one from a security and privacy-conscious company such as Apple", Steve Troughton-Smith, a Mac software developer, wrote on Twitter.

Ergin tweeted about the flaw on Tuesday, and as of the time of publication, all MacOS High Sierra machines are still vulnerable.

Sindhu loses to Tai in Hong Kong Open final
It was a dominating performance by Tzu-Ying who displayed why she is the top-ranked player in the women's game now . Sindhu will be eyeing her third Superseries title after wins in the India Open in New Delhi and in South Korea.

The level of unbridled access this security hole permits - and it abruptly being made public - will nearly certainly prompt Apple to move fast in releasing an update for its Mac operating system.

To do so, open the System Preferences and click on the "Users & Groups" option.

Enter "root" again with no password. Anyone can login as "root" with empty password after clicking on login button several times.

Charitable Startups to Check Out on Giving Tuesday
Telemarketing-style phone calls can make you feel pressured to give money to an organization you might not have ever heard of. All you have to do is put in your home address, and you'll get a list of organizations for you to choose from.

Let's make this clear: this is a huge mistake on Apple's part, even if there's a relatively simple fix. When Directory Utility opens in a new window, go to the menu bar and select Edit Enable Root User, then enter a password for the root user. This is a level of access that is well in excess of a normal admin account that is created when adding users on a Mac.

After going through the above steps, the attacker can then log out, and choose the "Other" option that appears on the login screen.

You can patch this problem right now by creating a root account manually and giving it a secure password.

Royal family reportedly thrilled with Prince Harry's engagement
It was said that Prince Harry has informed her grandmother, Queen Elizabeth II, and other members of the royal family. Her father was a TV lighting director for soaps and sitcoms and her mother a clinical therapist.

Latest News