Mac Sierra 'no Username' Password For Site
There are hackable security flaws in software. And then there are those that don't even require hacking at all—just a knock on the door, and asking to be let in.
Apple's macOS High Sierra has the second kind. On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system's security protections.
When anyone hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users, installing an application or changing settings, they can simply type 'root' as a username, leave the password field blank, click 'unlock' twice, and immediately gain full access. In other words, the bug allows any rogue user that gets the slightest foothold on a target computer to gain the deepest level of access to a computer, known as 'root' privileges. Malware designed to exploit the trick could also fully install itself deep within the computer, no password required.
Resetting your Mac's home folder permissions can fix many problems, including issues copying or moving files, or being asked for an administrator password. To be clear, this allows you to reset any password for any user on a MacOS Sierra computer, including for the admin account. Before beginning, keep in mind that internet connected Macs running Sierra and other prior versions of Mac OS can also reset a password by using an Apple ID after incorrectly entering a password a few times, which may be a better approach for some users.
'We always see malware trying to escalate privileges and get root access,' says Patrick Wardle, a security researcher with Synack. 'This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter.' As word of the security vulnerability rippled across Twitter and other social media, a few security researchers found they couldn't replicate the issue, but others captured and posted video demonstrations of the attack, like Wardle's GIF below, and another that shows security researcher Amit Serper logging into logged-out account.
WIRED also independently confirmed the bug. The fact that the attack could be used on a logged-out account raises the possibility that someone with physical access could exploit it just as easily as malware, points out Thomas Reed, an Apple-focused security researcher with MalwareBytes. They could, for instance, use the attack to gain root access to a logged-out machine, set a root password, and then regain access to a machine at any time. 'Oooh, boy, this is a doozy,' says Reed. 'So, if someone did this to a Mac sitting on a desk in an office, they could come back later and do whatever they wanted.' On Wednesday, about 18 hours after the bug was widely publicized, Apple. 'A logic error existed in the validation of credentials,' Apple's update reads.
'This was addressed with improved credential validation.' 'Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS,' the company said in a statement.
'We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.' Before Apple made that patch available, MalwareBytes' Reed also noted—and other researchers confirm—that it's possible to block the attack.
Discover the great variety of genres and pick top marble popper titles, awesome arcade games, platformers and more. All of them feature family-friendly gameplay and extremely high addictivity level. You have been warned! One of such fun arcade games for Mac is Bubble Shooter in which marble popper mechanics acquires some collapse games elements. The Best Free Arcade Games app downloads for Mac: Marble Blast Gold PacMan Spy Hunter StepMania (OS X) Bubble Bobble Nostalgie Mac Edition Chicken Inv. Mac Games > Arcade & Action Games. Arcade & Action Games. Shoot, run, and jump through challenging levels as you play free Action & Arcade Games. Try before you buy! Nanny Mania 2. Become the nanny of a famous Hollywood couple in this mad-dash Time Management adventure. Free online arcade games for mac.
But the safest fix is to install Apple's update. If you've installed High Sierra and haven't yet updated, you should do it now. 'This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter.' Security Researcher Patrick Wardle High Sierra's 'root' bug was first revealed by Turkish software developer Lemi Orhan Ergin, who says security staff at his company stumbled on the issue while trying to help a user get back into their account. 'They informed me and tried on my machine too. And I saw the security issue with my eyes.