Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

archvile said:
Are you using a Mac with Touch ID by chance? Wonder if having a Secure Enclave has something to do with certain people not being able to do this.
Click to expand...

Nope, it's a 2015 MBP. When setting up a Mac is one asked for a root password? If so then it's quite possible I set that when I first set up my MacBook.

Apparently this is the command line version of the exploit using osascript:

$ osascript -e 'do shell script "id" with administrator privileges user name "root" password ""'

However when I run that I get:

execution error: The administrator user name or password was incorrect. (-60007)
 
chrfr said:
Typing option-return at the login window will bring up a name and password field even if you don't have another user enabled.
Click to expand...


Yes it will . But try to login as root with the password left blank . Even with the root account enabled with no password I'm not able to login .
 
Razeus said:
This is getting downright ridiculous Apple.
Click to expand...

Downright ridiculous? That an obscure bug was found? One that many will not experience? And one that Apple quickly addressed once discovered, saying an update will be coming soon and explaining how to correct the issue in the meantime?
 
  • Like
Reactions: the johnmc
usarioclave said:
This is pretty lame, and has to be intentional. This didn't happen on 10.12.
Click to expand...

Please don't make statements like that if you have no idea about software development. It looks like it's a regressive bug that resurfaced after after other changes were made.

Anyone who's worked on software development can tell you how easy it is for the simplest of foobars to have some of the most cataclysmic consequences. I had an application on Sql Server that, when given a password of 65 characters, blue screened the entire Windows server.
 
  • Like
Reactions: archvile
MacsRuleOthersDrool said:
Because it requires a REALLY specific SEQUENCE of actions.

You obviously have never developed software, or you wouldn't ask such a question.
Click to expand...
Some privilege-escilation bugs amaze me with their complexity. This is not one of them. Takes literally five seconds to exploit, and the only thing very specific about it is the username root, which anyone who is familiar with Unix can think of trying.

I'd say this is a pretty big screw-up that should've been caught in testing.
 
  • Like
Reactions: haruhiko
Tried several times, was not able to get in.

Following Apple's directions I determined that I had previously enabled the root account with a non-blank password. This was done prior to upgrading to OS X 10.13; don't know how long ago. I had not had any occasion to log in as root for quite some time.
 
redheeler said:
Some privilege-escilation bugs amaze me with their complexity. This is not one of them. Takes literally five seconds to exploit, and the only thing very specific about it is the username root, which anyone who is familiar with Unix can think of trying.

I'd say this is a pretty big screw-up that should've been caught in testing.
Click to expand...
Hindsight is 20/20.
 
redheeler said:
Some privilege-escilation bugs amaze me with their complexity. This is not one of them. Takes literally five seconds to exploit, and the only thing very specific about it is the username root, which anyone who is familiar with Unix can think of trying.

I'd say this is a pretty big screw-up that should've been caught in testing.
Click to expand...

Ten buys you a dozen that this wasn't even in any of their test scripts. :confused:

Ten will buy you 20 and some bonus ones that it'll be featured in the new test scripts! :cool:
 
  • Like
Reactions: PickUrPoison
My vote is that Apple is so "diversified" in its portfolio of products that quality control is being compromised. I think each business unit (computers, phones, ipads, OS, iOS) should be split up into different companies that are treated as such.
 
  • Like
Reactions: Mal Blackadder
murdoc2k said:
Same here. I'm on 10.13.1. I tried 6 consecutive tries and could not replicate this issue.
Click to expand...

You think you may have set a root password when you installed your Mac? That's what I'm thinking.

What about trying this on the command line - it's been reported as also exploiting the same bug:

$ osascript -e 'do shell script "id" with administrator privileges user name "root" password ""'

If it comes back with the following, that's the exploit at work I think:

uid=0(root) gid=0(wheel) egid=20(staff) groups=0(wheel) [..]
 
Just tried on my FileVault-enabled 10.13.1, APFS MBP, and going to System Preferences, I could easily go to a secured/locked setting pane (ie, Security) and type root, click the blank password box, enter... shake... then try again, boom, it works. Scary ****.

I noticed starting with 10.13.1, the keyboard does not default into the password dialog for any password prompts... what I mean is, the password prompt window comes up out of focus, and you have to click it to type the password. This didn't happen in 10.13.0 or below. Maybe it's related somehow? Does anyone else notice that?
 
KoolAid-Drink said:
Just tried on my FileVault-enabled 10.13.1, APFS MBP, and going to System Preferences, I could easily go to a secured/locked setting pane (ie, Security) and type root, click the blank password box, enter... shake... then try again, boom, it works. Scary ****.

I noticed starting with 10.13.1, the keyboard does not default into the password dialog for any password prompts... what I mean is, the password prompt window comes up out of focus, and you have to click it to type the password. This didn't happen in 10.13.0 or below. Maybe it's related somehow? Does anyone else notice that?
Click to expand...

The bug also affects machines before 10.13.1, so it's not related.
 
Wow... sucks...

You would think is this day and age with all the privacy Apple gives on about you'd do a default password for "root" Although won't stop u as someone will just post a screen shot online of it anyway, but at least Apple would be going to some length to try and protect it.

Since Apple relies on other verification methods up the chain in the OS to oversee a convenience, that's where the problem lies.

You gotta draw the line somewhere but Apple won't learn from this.... They'll fix the mistake, but leave it blank password as default.

I guess Apple could have "pulled" beta kinda like what they did with Home sharing pulled from a iOS beta while they work on it. Cause to much upset with developers perhaps?
 
You need to have Display login window as: Name and Password option turned on (not default) in order to enter root at the lock screen. Otherwise it only allows specific users.
 
Ishayu said:
If someone knows the password of a user on your system, or your account is poorly protected, it is perfectly possible to do this remotely. You just have to remote into the macine, start a GUI shell with any user, go to preferences, and do the same steps in the news post. Then you can log in as root in the shell prompt, start a remote session from that, and you're good to go.

Any Mac with internet access and firewalls opened is vulnerable to this.
Click to expand...
I know just enough to use my MBP for my limited daily uses. I read these type threads and follow them at first, then when different ‘fixes’ (many wrong) start coming along I get confused. Especially when I read here...”any Mac with internet access is vulnerable”. So help a non-techy, please advise...won’t I be safe until this is fixed, if I just leave my MBP powered off? I have an iPad to keep up with when a fix is available.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back