Scary security issue...
https://twitter.com/lemiorhan/status/935578694541770752
I would expect a patch from Apple ASAP!
This only affects High Sierra, right? Tried it on 10.12 and doesn't seem to work... which is a good thing.
I'm a little confused why they posted this on Twitter, and did not privately contact Apple about it.
Wow, stupidly simple and it actually works! A second massive screwup in MacOS High Sierra from a company known for its security-conscious practices - what exactly is happening over there?
No patch needed. The system administrator at Software Craftsmanship Turkey needs patching.
No patch needed. The system administrator needs patching.
Attempted bypass listed above on 4 iMacs and 2 MBPr15 running MacOS 10.13.1 with no vulnerability as presented.
Probably because it is alternative facts.
So far, I've attempted on nearly a dozen MBPr15 running 10.13.1 and a single iMac27 running 10.13.1. The iMac27 root bypassed the lock, I could turn on Guest user and enable shared accounts. Fortunately, you already have to be 'in the system' to make this work. I have one more iMac locally to test and two more MBPr15. Be right back.
On MacAdmins Slack the consensus is that root being disabled is a pre-condition for this working.
Replicated on 10.13.2 beta 4
Try removing the ghost guest root user account with either of the terminal commands:
dsenableroot -d
sudo fdesetup remove -user Guest
Newbie question. Is this only a vulnerability if someone has physical access to your Mac? I mean for the most part?
Someone has to have access and be able to open System Preferences, yes (from any account, even the guest account). The bug is in the System Preferences authentication routine.
Not quite. I've logged into the 'ghost' guest account created on an iMac from our office. To see if you can duplicate:
The bug affects authentication in any application, not just System Preferences.