Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
Not open for further replies.

mrbobdobolina

macrumors member
Feb 28, 2016
81
57
This only effects High Sierra, right? Tried it on 10.12 and doesn't seem to work... which is a good thing.

I'm a little confused why they posted this on Twitter, and not privately contact Apple about it.
 

ChaosAngel

macrumors member
Original poster
Sep 29, 2005
91
15
UK
This only effects High Sierra, right? Tried it on 10.12 and doesn't seem to work... which is a good thing.

I'm a little confused why they posted this on Twitter, and not privately contact Apple about it.

Yep, I believe this issue is High Sierra only.
 

posguy99

macrumors 68020
Nov 3, 2004
2,284
1,531
On MacAdmins Slack the consensus is that root being disabled is a pre-condition for this working.
 

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
I stand corrected. I replicated on a single iMac running 10.13.1. Once I restarted I could not replicate.
[doublepost=1511902815][/doublepost]
On MacAdmins Slack the consensus is that root being disabled is a pre-condition for this working.
So far, I've attempted on nearly a dozen MBPr15 running 10.13.1 and a single iMac27 running 10.13.1. The iMac27 root bypassed the lock, I could turn on Guest user and enable shared accounts. Fortunately, you already have to 'in the system' to make this work. I have one more iMac locally to test and two more MBPr15. Be right back.

The good news is that after the first root bypass on the iMac27, I could not replicate after restarting.
[doublepost=1511903353][/doublepost]Now replicating on all Macs running 10.13.1
If you type in root and then hit enter, do not click the Unlock button; just press enter. It may take a couple of attempts.
[doublepost=1511903930][/doublepost]Could it be associated with the Ghost Guest user that appeared with High Sierra? On the MacbookPro I cleared the ghost guest with this terminal command:
Code:
sudo fdesetup remove -user Guest

I cannot use root to bypass on MBPr.
 
Last edited:

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
Replicated on 10.13.2 beta 4
Try removing the ghost guest root user account with either of the terminal commands:
Code:
dsenableroot -d
Code:
sudo fdesetup remove -user Guest
[doublepost=1511905303][/doublepost]I removed the ghost guest account on iMac and still got in.
So probably nothing to do with Guest accounts.
 

3rdHvn

macrumors newbie
Nov 28, 2017
1
0
Newbie question. Is this only a vulnerability if some one has physical access to your Mac? I mean for the most part?
 

redheeler

macrumors G3
Oct 17, 2014
8,604
9,216
Colorado, USA
Newbie question. Is this only a vulnerability if some one has physical access to your Mac? I mean for the most part?
Someone has to have access and be able to open System Preferences, yes (from any account, even the guest account). The bug is in the System Preferences authentication routine.
 

960design

macrumors 68040
Apr 17, 2012
3,795
1,674
Destin, FL
Newbie question. Is this only a vulnerability if some one has physical access to your Mac? I mean for the most part?
Not quite. I've logged into the 'ghost' guest account created on an iMac from our office. To see if you can duplicate:
  1. Restart Mac
  2. If you see 'Other' user, click on that
  3. Enter root
  4. Then press enter

You should now have root access to your mac. From there the user can do anything.

NOTE: If you do not see an 'Other' user, your mac should be safe.
 

chrfr

macrumors G5
Jul 11, 2009
13,703
7,270
Someone has to have access and be able to open System Preferences, yes (from any account, even the guest account). The bug is in the System Preferences authentication routine.
The bug affects authentication in any application, not just System Preferences.
 

Admiral

macrumors 6502
Mar 14, 2015
404
986
Wow, stupidly simple and it actually works! A second massive screwup in MacOS High Sierra from a company known for its security-conscious practices - what exactly is happening over there?

Gay pride and unicorn animojis (but I repeat myself).

Basically, Apple has taken its eye off the ball. They're a software company first and have forgotten that basic fact.
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.