Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
Not open for further replies.
This only effects High Sierra, right? Tried it on 10.12 and doesn't seem to work... which is a good thing.

I'm a little confused why they posted this on Twitter, and not privately contact Apple about it.
 
This only effects High Sierra, right? Tried it on 10.12 and doesn't seem to work... which is a good thing.

I'm a little confused why they posted this on Twitter, and not privately contact Apple about it.

Yep, I believe this issue is High Sierra only.
 
On MacAdmins Slack the consensus is that root being disabled is a pre-condition for this working.
 
I stand corrected. I replicated on a single iMac running 10.13.1. Once I restarted I could not replicate.
[doublepost=1511902815][/doublepost]
On MacAdmins Slack the consensus is that root being disabled is a pre-condition for this working.
So far, I've attempted on nearly a dozen MBPr15 running 10.13.1 and a single iMac27 running 10.13.1. The iMac27 root bypassed the lock, I could turn on Guest user and enable shared accounts. Fortunately, you already have to 'in the system' to make this work. I have one more iMac locally to test and two more MBPr15. Be right back.

The good news is that after the first root bypass on the iMac27, I could not replicate after restarting.
[doublepost=1511903353][/doublepost]Now replicating on all Macs running 10.13.1
If you type in root and then hit enter, do not click the Unlock button; just press enter. It may take a couple of attempts.
[doublepost=1511903930][/doublepost]Could it be associated with the Ghost Guest user that appeared with High Sierra? On the MacbookPro I cleared the ghost guest with this terminal command:
Code:
sudo fdesetup remove -user Guest

I cannot use root to bypass on MBPr.
 
Last edited:
Replicated on 10.13.2 beta 4
Try removing the ghost guest root user account with either of the terminal commands:
Code:
dsenableroot -d
Code:
sudo fdesetup remove -user Guest
[doublepost=1511905303][/doublepost]I removed the ghost guest account on iMac and still got in.
So probably nothing to do with Guest accounts.
 
Newbie question. Is this only a vulnerability if some one has physical access to your Mac? I mean for the most part?
 
Newbie question. Is this only a vulnerability if some one has physical access to your Mac? I mean for the most part?
Someone has to have access and be able to open System Preferences, yes (from any account, even the guest account). The bug is in the System Preferences authentication routine.
 
Newbie question. Is this only a vulnerability if some one has physical access to your Mac? I mean for the most part?
Not quite. I've logged into the 'ghost' guest account created on an iMac from our office. To see if you can duplicate:
  1. Restart Mac
  2. If you see 'Other' user, click on that
  3. Enter root
  4. Then press enter

You should now have root access to your mac. From there the user can do anything.

NOTE: If you do not see an 'Other' user, your mac should be safe.
 
Someone has to have access and be able to open System Preferences, yes (from any account, even the guest account). The bug is in the System Preferences authentication routine.
The bug affects authentication in any application, not just System Preferences.
 
Wow, stupidly simple and it actually works! A second massive screwup in MacOS High Sierra from a company known for its security-conscious practices - what exactly is happening over there?

Gay pride and unicorn animojis (but I repeat myself).

Basically, Apple has taken its eye off the ball. They're a software company first and have forgotten that basic fact.
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.