So they didn’t contact Apple directly before publishing this on social media? @AppleSupport is not responsible for software security.

Awesome, you nailed the real issue here.....yet again......not the huge flaw ...... but the reporter sending it to the wrong recipient ........ did not expect anything less :)
When a company becomes a multi-billion-dollar business, any decision it makes should not be hasty - one or more tiny mistakes will take years to clean up across every department, especially in hardware & software.

Software should be released with a target of 99.9% accuracy: bug free and without security loopholes. The remaining 0.1% can be patched via software update, but this should be a very minimal risk factor.

Apple - you have all the smartest people in the world working for you, so this is a possible, not impossible, task.

Not going to achieve that when Marketing sets your delivery timeframes - clearly the annual macOS and iOS updates are getting buggier and buggier..... Apple does not care, it's a means ("free software update") to sell hardware.

Tim just wants to raise prices.... it's all hardware, the software side is getting sloppier and sloppier.... they just need to meet deadlines to sell the hardware.

Apple has pushed a fix out...

Awesome! Good news.
 
Looks like the Security Update disables the root account again. I had mine enabled with a password, but I checked now, and it's disabled.

UPDATE: and I can confirm that I'm no longer able to reproduce the bug.
 
The NSA and Russians are saying: "Darn, they figured it out..." Hopefully they won't discover the other ones...

They are saying "Dammit, we spent a fortune trying to get access.... and there was an exploit the size of a Mac truck!!!" DOH!!
That’s not correct. The root account is activated only by accessing something requiring elevated privileges in the GUI and using root as the user in the prompt. After that, yes, you can log in as root but you would have had to have access to an existing account in the GUI.
Yes, I believe you're correct, thanks.
 
What a company says is not very important.
What they actually do is the only thing that matters.

This is going to be very illuminating, essentially shining a searchlight into Apple's culture and true nature. We have absolute proof of demonstrated incompetence, endangering millions of users. There is no way to put lipstick on this pig and I suggest Apple's apologists sit this one out.

The question is, "Who is accountable and what will they do about it?"

The right answer is to remove the incompetents responsible. Apple should erect a metaphorical scaffold in the middle of Apple Park and hand them a pink slip as the noose settles around their pointy little heads.

Craig Federighi bears ultimate responsibility and goes first, followed by others right down to the cubicle dwellers. Again, accountability.

Apple claims to value security and their customers. That's what they trumpet.

That's what they say.

Let's see what they do.
 
My brand new (3 weeks ago) iMac had root enabled, and no password. I did not do a migration. I did do an update. Obviously Apple has either transferred all of their macOS security staff to other projects or they just don't care. With other things going on, I believe the latter.

Really? That is horrible.
 
I have High Sierra, but I don't have this problem! However I see that I have the 10.12 version and not the 10.13 beta. I am just curious... just to test; if you still have this problem and haven't set the root password yet, could you please open the Terminal and type "su" to see if you will be prompted for a password to become root? If you do, which I believe you will, then you can ctrl-D out of it... Thank you... Also you can set the root password quickly through the Terminal: open the Terminal and type "sudo -i" and then type your own password. Then you will be at the root prompt "root#", and you can type "passwd" and it will allow you to set the root password.
 

While Apple generates most of its profit by selling hardware, the App Store, iTunes, Apple Pay commissions & Apple TV - Apple's revenue will cover everything for the firm's daily expenditure.

Technically you have paid for its hardware and software together; nothing comes for FREE.

That's why I said it is Apple's responsibility to make sure the software isn't buggy or weak on security. There is no room for any mistake(s)!

I believe Tim Cook took advantage of the 10th-year anniversary edition to raise the price of the X, but again I could be wrong!

The problems come out - something isn’t right within their organisation...
 
If you're on 10.12, you're on Sierra, not High Sierra. Not sure whether or not it will ever be patched for Sierra.

EDIT: Guess the issue doesn't exist on Sierra. That's why you can't replicate it.
 
lol. Would you defend MSFT with the same enthusiasm?
With MSFT's reputation as the swiss-cheese of Operating Systems (and I use several versions of their stuff every workday), they wouldn't deserve it.
I have never done this, but I don't work at Apple's QA department.

When developing test cases to test the security of an operating system, wouldn't that be top priority, trying to log in as root? Wouldn't you test edge cases? Wouldn't "no password" be such a case?

This should never have happened. This bug is a disaster that uncovered an organizational problem at Apple.
And it was apologized for and fixed in under 24 hours.

Try that with Windows or Linux.
 

Umm, that perception is out of date by at least a decade now. They did a major security architecture overhaul back in Vista days (released 2006) and have been refining that in subsequent versions.
 
As I said, I use several versions of their OSes, both Desktop and Server, and I don't think it's out of date at all...
 

Me too, and I've also been deeply involved in adapting an older commercial software product to be a first-class citizen in the current Windows security model. The difference to how things used to be pre-Vista is quite staggering. Care to elaborate on some recent examples of Windows being the Swiss cheese you claim it to be?
 
Gladly! But since it's hard to remember examples when asked, I'll just let Google answer your question:

https://www.exploit-db.com/local/

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

http://www.fuzzysecurity.com/tutorials/16.html

https://github.com/AlessandroZ/BeRoot

https://attack.mitre.org/wiki/Privilege_Escalation

https://www.rapid7.com/db/modules/exploit/windows/local/trusted_service_path

https://www.rapid7.com/db/modules/exploit/windows/local/service_permissions


That's just from the first Google Search page for "Windows Privilege Escalation"

Is that enough "holes" in the Cheese for ya?

And a similar search for macOS or OS X turns up a FEW Privilege Escalation Vulnerabilities; but NOWHERE NEAR the pages and pages of exploits I just found and linked-to.

And curiously enough, Windows manages to have this many Escalation Exploits while simultaneously having the most arcane (most might call it "incomprehensible") and quick-to-deny "Trust" model of any OS on the planet!
 

Nice list, but I'm just failing to see how this makes Windows any more of a Swiss cheese than macOS, especially in its current state, is. All systems of this level of complexity are bound to have vulnerabilities, and what matters is the ease of exploitability and the extent of damage, plus how fast they are patched (this is something where Apple deserves kudos on the passwordless root issue, but not so much in the Rootpipe case, where relatively fresh versions were left unpatched). On this scale e.g. passwordless root login is rather severe. And of course there are more vulnerabilities listed for Windows in Exploit DB, as it also includes 3rd-party applications that run on the platform. There's quite a deal of those on Windows. If you look for them, there's plenty of macOS vulnerability information and hacking techniques available, so by that measure it falls into the same Swiss cheese category. Some examples:

https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf

https://www.macrumors.com/2017/03/16/researchers-macos-safari-exploits-pwn2own-2017/

https://arstechnica.com/information...-x-comes-under-active-exploit-to-hijack-macs/

https://en.wikipedia.org/wiki/Rootpipe

https://www.cso.com.au/article/6280...keychain-hacked-secdevops-gets-reality-check/

https://thehackernews.com/2015/09/hack-macos-gatekeeper-security.html
 
Windows is insecure by design if you have physical access to the box. You reboot into safe mode, replace utilman.exe with cmd.exe or explorer.exe, reboot and click the accessibility button and you're in. Worthless.
 
"Other people/companies screw up too ..... " or some such apologist BS is being tossed around in the thread.

True, but this diversion is not germane to the conversation.

We are discussing an incredibly stupid mistake by Apple. Hopefully, Craig Federighi will pay for this. The buck stops with him.

If he doesn't .... well, actions speak louder than words and Apple will be exposed as hypocrites as well as incompetents. Should that happen the board should sack Tim.

Mistakes of this magnitude demand accountability. After all, let a lowly sysadmin make this mistake and he'd be crucified by management, possibly prosecuted. It doesn't remotely meet the standard of due diligence.
 
With physical access all bets are usually off. Similar stuff is possible with a Mac. https://www.macworld.co.uk/how-to/mac/how-hack-into-mac-change-password-3640399/. I guess it makes it equally worthless.

Of course you can go to single user mode and change passwords etc (if FileVault is not enabled, which changes the calculus completely. Same is true of BitLocker) but the point is that you can arbitrarily change binaries and bypass the login screen without ever authenticating or changing any password (thus leaving no trace and arousing no suspicion). It's Toytown stuff.

Agree that the deficiencies of other platforms are not actually relevant and exiting the discussion appropriately.
 
I think the fix has been released today with the latest update
https://support.apple.com/en-us/HT208315
Security Update 2017-001
Available for: macOS High Sierra 10.13.1

Not impacted: macOS Sierra 10.12.6 and earlier

Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002
 
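A small check script, added here as an example (it is not from any post in this thread and not Apple's tooling), that turns the advisory above and the earlier post's "sudo -i" / "passwd" advice into something a Mac admin can run: it classifies the installed version and build against the advisory's facts (10.12.6 and earlier not impacted; build 17B1002 once Security Update 2017-001 is installed) and reports whether the root account is currently enabled. The functions take their inputs as arguments so they also run on a non-Mac shell; only the last lines read live values. The dscl output tokens it looks for ("No such key", ";DisabledUser;") are my assumption about how macOS reports a never-enabled or disabled root account, not something the thread states, and the build numbers in the comments other than 17B1002 are constructed placeholders.

```sh
#!/bin/sh
# Added example for this thread (not Apple's tooling, not from any post):
# classify a Mac against Apple's note for Security Update 2017-001 (HT208315)
# and report whether the root account is currently enabled.

PATCHED_BUILD="17B1002"   # build shown after the update installs (from the advisory)

# version_lt A B: exit 0 when dotted version A is numerically below B (10.12.6 < 10.13).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1   # equal versions are not "less than"
  }'
}

# classify_root_bug VERSION BUILD -> not-impacted | patched | unpatched
# e.g. classify_root_bug 10.12.6 16Gxxxx  -> not-impacted   (constructed build)
#      classify_root_bug 10.13.1 17B1002  -> patched
#      classify_root_bug 10.13.1 17Bxxxx  -> unpatched      (constructed build)
classify_root_bug() {
  if version_lt "$1" "10.13"; then
    echo "not-impacted"        # macOS Sierra 10.12.6 and earlier, per the advisory
  elif [ "$2" = "$PATCHED_BUILD" ]; then
    echo "patched"             # High Sierra with Security Update 2017-001 installed
  else
    echo "unpatched"           # High Sierra without the update: install it now
  fi
}

# root_state DSCL_OUTPUT -> enabled | disabled
# Assumption (not stated in the thread): `dscl . -read /Users/root AuthenticationAuthority`
# prints "No such key" when root was never enabled, and the value contains ";DisabledUser;"
# after `dsenableroot -d` or after the security update disabled the account.
root_state() {
  case "$1" in
    *"No such key"*|*DisabledUser*) echo "disabled" ;;
    *) echo "enabled" ;;
  esac
}

# On a real Mac, feed the functions live values; elsewhere they are still callable.
if command -v sw_vers >/dev/null 2>&1; then
  echo "root-bug: $(classify_root_bug "$(sw_vers -productVersion)" "$(sw_vers -buildVersion)")"
fi
if command -v dscl >/dev/null 2>&1; then
  echo "root account: $(root_state "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)")"
fi
```

Run it as a normal user; it only reads version and directory information. A result of "unpatched" means install Security Update 2017-001 (and, until then, set a root password as described earlier in the thread), and "enabled" means the root account accepts logins and should have a strong password or be disabled with dsenableroot -d.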