Surprise, surprise! Security by obscurity fails Apple's MacOS

Enlarge ImageA demonstration of the security flaw.                  CNET

Enlarge ImageA demonstration of the security flaw. CNET

The vulnerability does not always work on the first attempt, but simply continuing to click the "Unlock" button with "root" entered as the username and no password provided will eventually unlock the machine. And there's no security check, according to developer Lemi Ergin, who spotted the bug. Then, instead of entering a password, you can type in "root" for the username and leave the password field empty.

You can patch this problem right now by creating a root account manually and giving it a secure password.

Epic Games sues minor for cheating in Fortnite, gets lambasted by mother
The game involves a contest between a large number of human players, with as many as 100 people facing off in a single round. This software typically makes it easier to aim guns, allowing players to automate the act of defeating opponents.

Indeed, we tested this out on a Mac running 10.13.2 High Sierra - although it should work on the current 10.13.1 build - and it works quite easily. Then, click the "Join" button beside "Network Account Server" and a new panel will pop up.

Enter "root" again with no password. MacOS users may want to mitigate the issue themselves by assigning a root password or disabling the root account in System Preferences - User Groups on your Mac device. You can check your version of macOS by clicking on the Apple logo in the upper lefthand corner of your screen and clicking "About this Mac".

Wenger certain Ozil, Sanchez not leaving in January
After years of disruption and injury problems, Jack Wilshere is finally back fully fit and playing well in an Arsenal shirt. Asked about the players' futures on Tuesday, Wenger said: "I'm not the only one who can decide that".

IBT reached out to Apple for comment regarding the discovery of the security vulnerability but did not receive a response at the time of publication. It's likely that you'd have to be running a certain version of High Sierra to get the same results.

As of now, it's unclear how something like this could have slipped past Apple and Apple tends to keep errors like this under wraps and doesn't disclose much about them. Some users have reported triggering the exploit from the login screen, but we could only consistently recreate the issue from System Preferences.

Kohli rested for ODI series, Rohit to lead
A passionate supporter of Manchester United, he idolises Roger Federer and is also a World Wrestling Entertainment (WWE) maniac. When you lose concentration after a hundred, maybe two wickets can fall quickly.

Now click Edit Enable Root User in the menu bar.

Recommended News

  • YouTube Pulls Exploitative Child Videos as Advertisers Flee

    YouTube Pulls Exploitative Child Videos as Advertisers Flee

    There simply aren't enough humans to monitor so much video, and many claim the protective algorithms in place often don't work. Well, it is not surprising since YouTube Go is for select countries where most people don't have the access to fast internet.
    Keystone pipeline to restart operations on Tuesday

    Keystone pipeline to restart operations on Tuesday

    The company continues to review last week's ruling and how it will affect the cost and schedule for the project, Cunha said. Keystone transports oil from Alberta, Canada, to refineries in Texas.
    Michael Crabtree, Aqib Talib unlikely to be suspended for fight?

    Michael Crabtree, Aqib Talib unlikely to be suspended for fight?

    The first half of it was him being extra. "I hope the league sees how it started", Talib said when asked if he fears a suspension. Broncos cornerback Chris Harris, Jr . said Crabtree sucker-punched him in the groin on the play prior to the fight breaking out.
  • Zimbabwe in chaos as President SACKS entire cabinet

    Zimbabwe in chaos as President SACKS entire cabinet

    The development was confirmed Friday as successor Emmerson Mnangagwa was sworn into office following a bloodless coup. Under law in Zimbabwe, suspects must appear in front of a court within 48 hours of detention.
    U.S.  charges three Chinese for hacking corporations

    U.S. charges three Chinese for hacking corporations

    The APT3 hacking group is also known as BuckEye, UPS Team, Gothic Panda and TG-011. All three indicted suspects are still at large and residing in China.
    Shiffrin dominates Killington slalom

    Shiffrin dominates Killington slalom

    Ahead with an insurmountable.89 lead in the slalom, Shiffrin, smiling ear-to-ear, was asked if she had anything to say. Slovakia's Petra Vlhová, who won the last two World Cup slaloms, finished 1.64 seconds behind in the runners-up spot.
  • WaPo Reveals a Political Activist Faked a Roy Moore Story

    WaPo Reveals a Political Activist Faked a Roy Moore Story

    While O'Keefe refused to comment to Washington Post reporters at the time, he later came outside to speak with journalist Aaron C. The Post also published video footage of one of its reporters speaking to the woman who claimed to be Moore's victim.
    Arlington Mall evacuated after officer-involved shooting

    Arlington Mall evacuated after officer-involved shooting

    Police said the man fled from security and got on the escalator to the second floor, near the food court, the NYDailyNews reports. No civilians were injured. "The still images and video back up the officer's story, so this won't take long to be resolved".
    Woman with Down syndrome wins 'Spirit of Miss USA'

    Woman with Down syndrome wins 'Spirit of Miss USA'

    She is also an intern at the university's child care center and an ambassador for the nonprofit Best Buddies. The 22-year-old is from Stillwater, Minnesota - which is almost 30 miles west of Minneapolis .
  • UP civil polls: Rajnath Singh, Dinesh Sharma cast votes in 2nd phase

    UP civil polls: Rajnath Singh, Dinesh Sharma cast votes in 2nd phase

    The Yogi Adityanath government had recently merged the Vrindavan and Mathura municipal boards to form the Mathura Nagar Nigam. Earlier, reports from polling stations across Lucknow suggested that voting was halted after machines started malfunctioning.
    Why The World Is Waiting To Hear If The Pope Says 'Rohingya'

    Why The World Is Waiting To Hear If The Pope Says 'Rohingya'

    Myanmar denies any wrongdoing despite testimony by refugees pointing to a widespread campaign of rape, murder and arson. He will then go to Bangladesh, where a small group of refugees will meet him in a symbolic motion.
    Changes Are Coming to the Senate Tax Plan

    Changes Are Coming to the Senate Tax Plan

    The changes, if adopted, would be the biggest USA tax overhaul in three decades. He has said he'd allow for "reasonable" estimates of economic growth.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.