Apple’s High Sierra Bitten by Root Bug

Developers have found a serious vulnerability in High Sierra that allows anyone to become root.

A serious bug in Apple’s latest operating system, macOS High Sierra 10.13.x, allows anyone who can reach a login or unlock prompt to gain root access to the system.

No exploit code, malware, or social engineering is required. All you have to do is type root as the username, leave the password field empty, and click the login or unlock button repeatedly; the first attempt fails, but the next one is accepted and you are root. Root is the superuser, so an attacker who gets it can change any system setting, install software, create or alter accounts, and read any user's data.

Physical access is not even required. If Screen Sharing is enabled, a remote user can authenticate as root over the network in the same way. The trick works at the login window, from the lock screen, and in the unlock dialog of System Preferences panes such as Users & Groups.

The bug was found by colleagues of Lemi Orhan Ergin, who posted a message on Twitter, “Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?”

The Apple Support team responded by asking Ergin to send them a DM (direct message). It was not an isolated case: many users reproduced the issue within hours. Apple released a fix, Security Update 2017-001 (CVE-2017-13872), less than 24 hours after the bug became public. The update leaves the root account disabled, so users who actually need a root account must re-enable it and set a new root password after installing it.

The bug affected only systems on which the root account had never been given a password. That is the default state: macOS ships with root disabled and most people never enable it, so most Macs were exposed. Until the patch arrived, the recommended workaround was to enable the root user and set a strong password for it, either through Directory Utility or with sudo passwd root in Terminal.
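The following script is an added example, not code from the article or from Apple. It audits whether the local root account is in the state the bug needs (root disabled or never given a password) and, with --fix, applies the pre-patch workaround of setting a root password. It assumes, as many fleet-audit scripts of the time did, that `dscl . -read /Users/root AuthenticationAuthority` prints "No such key" when root has never had a password, contains ";DisabledUser;" when root has been disabled, and contains ";ShadowHash;" when a real password hash is stored; those attribute values are an assumption of this example, not something the article states. The classifier is a separate function so it can be checked against sample dscl output on any machine.

```shell
#!/bin/sh
# Added example (not from the article): audit the root account state behind the
# High Sierra empty-password bug, and optionally set a root password as a workaround.
#
# ASSUMPTION: `dscl . -read /Users/root AuthenticationAuthority` output looks like:
#   "No such key: AuthenticationAuthority"          -> root never had a password
#   "AuthenticationAuthority: ;DisabledUser; ..."   -> root explicitly disabled
#   "AuthenticationAuthority: ;ShadowHash;..."      -> a password hash is stored
# The sentinel "dscl-unavailable" is produced by read_root_auth on non-macOS hosts.

# classify_root_auth STRING
#   Prints "exposed"   when root is disabled or has no password (bug precondition),
#          "protected" when a password hash is present,
#          "unknown"   when dscl is unavailable or the output is unrecognised.
classify_root_auth() {
    auth="$1"
    case "$auth" in
        *dscl-unavailable*)  echo "unknown" ;;
        *DisabledUser*)      echo "exposed" ;;    # disabled account: the state the bug abused
        *"No such key"*|"")  echo "exposed" ;;    # no password ever set for root
        *ShadowHash*)        echo "protected" ;;  # real password hash stored for root
        *)                   echo "unknown" ;;
    esac
}

# read_root_auth
#   Returns the raw dscl output (stderr merged, since "No such key" goes to stderr),
#   or the sentinel "dscl-unavailable" when not running on macOS.
read_root_auth() {
    if ! command -v dscl >/dev/null 2>&1; then
        echo "dscl-unavailable"
        return 0
    fi
    dscl . -read /Users/root AuthenticationAuthority 2>&1
}

# apply_workaround
#   Pre-patch mitigation: give root a real password so the empty-password path
#   no longer matches. Interactive: passwd prompts for the new password twice.
apply_workaround() {
    sudo passwd root
}

main() {
    state=$(classify_root_auth "$(read_root_auth)")
    echo "root account state: $state"
    if [ "$state" = "exposed" ] && [ "${1:-}" = "--fix" ]; then
        apply_workaround
    fi
}

main "$@"
```

Run it as `sh root_audit.sh` to audit, or `sh root_audit.sh --fix` to set a root password on an exposed machine. Note that disabling root again after setting a password puts the account back into the ";DisabledUser;" state, which the classifier reports as exposed; on an unpatched system that is the right call.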

This was not the first such lapse. Shortly after High Sierra shipped in September, two serious bugs were found and fixed in an October supplemental update: Disk Utility displayed the password of an encrypted APFS volume in place of its password hint, and a malicious, unsigned app could read passwords out of the Keychain in clear text.

12/05/2017