Everyone is buzzing about the root security flaw, tell me how this is different:
1. Reboot single user mode
2. mount -uw /
3. rm /var/db/.AppleSetupDone
4. shutdown -h now
5. Create new admin account
Like, what am I missing here? Why is this so easy to do? With a new admin account you could install a hidden keylogger/screen capture service and then reboot the machine back into single user mode, delete the new admin account you created and the owner would have no indicators anything had changed. In less than 15 min I could install a keylogger with zero traces? Ouch. How is that even kind of secure? Or am I missing some obvious prevention tip to this?
*EDIT* Yeah, as I'm researching this, setting up a firmware password would prevent this from being so casually easy, so that's the prevention tip right there. I wish the firmware password was encouraged more. I bet most of the people buzzing about the root bug don't have a firmware password or aren't aware how easy it is to accomplish the same thing.