Apple closes that big root hole – “Install this update as soon as possible”

By Paul Ducklin, Sophos

November 30, 2017

Yesterday we wrote about a publicly-disclosed problem in Apple’s macOS 10.13, better known as High Sierra.

For reasons that aren’t yet clear, you could trick macOS into letting you authenticate as root – the all-powerful system administration account that you aren’t even supposed to use – with a password of…

…nothing. Blank. Empty. Just press [Enter].

Even though you couldn’t exploit this hole remotely, at least not in a default configuration, it was an astonishing lapse by Apple.

At first, the Twitter user who publicised this flaw was criticised by some people, who considered his tweet to be “irresponsible disclosure” because he hadn’t reported the bug to Apple privately, which would have given Apple the chance to close the hole before it was made public, once a patch was ready.

But others soon realised that this was not a brand new discovery – indeed, it had been discussed more than two weeks ago on Apple’s own support forum.

Ironically, the support forum thread, a community discussion that seems to have gone unnoticed by Apple itself, was about losing administrator access after updating to High Sierra – and this very bug was presented as a handy hack to restore things to normal.

