Horrifying macOS Bug Lets Anyone Become Admin With No Password

The bug was discovered by Lemi Orhan Ergin, whose Twitter profile shows him as a Turkish software developer.

The attacker needs only to head to Users & Groups, click the lock at bottom-left, then try to log in as "root" with no password. If the lock is unlocked, the machine is affected by the security flaw. This gives the attacker access to all administrator preferences in System Preferences, but that's only the beginning: this also enables a new, system-wide root user with no password. You really shouldn't leave your Mac unattended at all until Apple fixes this, and you should shut off guest access for your device.

Security issues with your products are never a good thing, and when a user publicly tweets about one, it makes you move. Apple ID email addresses tied to users on the Mac can be removed and altered, as well.

El Reg was able to reproduce the bug on our office Macs running High Sierra, which was released in September.

Apple did not immediately return a request for comment, but Apple's Twitter support account did reply to Ergin asking for more details.

To do so, open System Preferences and click on the "Users & Groups" option. As it turns out, it's remarkably easy for someone to gain admin access to the device; you don't even need a password.

According to reports (meaning we haven't tested this), this isn't an issue on older versions of the OS.

After going through the above steps, the attacker can then log out, and choose the "Other" option that appears on the login screen. After pressing Enter, they'll be logged in with full system administrator privileges.

As a temporary fix, to prevent the bug from working, we suggest you enable a root account with a password. Once in the "Join" menu, click on "Open Directory Utility".

Once a password has been set for the "root" account, the flaw that allows a person to log in as "root" with no password will no longer work.