It looks like there is a fatal flaw in the current macOS High Sierra 10.13.1, even straight from the login menu when you first start up the computer. This severe vulnerability lets hackers - or anyone with malicious intentions - do anything they want as root users as long as they have physical access to the computer.

Designated as CVE-2017-13872 by Apple, this bug is not the be-all and end-all of exploitable bugs, where you can load up a remote terminal and just log into a victim's Mac without leaving the room you're in. Unless, of course, the victim has screen-sharing enabled. If this isn't the case, the attacker is going to have to get up close and personal with the victim's laptop, meaning the attacker is going to have to James Bond his or her way to the victim's Mac and be in front of the computer itself.

Apple issued a patch within 18 hours of this vulnerability being discovered, but for users who had not yet upgraded their operating system from the original version of High Sierra (10.13.0) to 10.13.1 before applying the patch, some have reported the bug re-emerging after updating. Because this patch seems to be having some issues rolling out, you should test to make sure this vulnerability doesn't affect your macOS device.

A hacker can just start up the machine, literally. When on the login window, they'd click on the "Other" option, not an actual user or guest user. For the username, they'd simply input root, and for the password, it would be left empty. All they have to do is click inside the password box, then hit enter. They may need to hit enter repeatedly until successfully logged in and on the desktop.

It doesn't need to be from the login window. If someone is already logged into the computer, a hacker could still use this root/passwordless trick to bypass privilege escalation prompts. Security researcher Patrick Wardle was also able to demonstrate this scary exploit working remotely if screen sharing was enabled.
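A read-only way to check a machine for the state this bug leaves behind, as an added example that is not from the original article or from Apple: the script reads the root account record with `dscl` and reports whether root is still in its default disabled state. It assumes a disabled root shows `Password: *` with no ShadowHash entry; the function names and sample outputs are constructed for illustration.

```shell
# Added example: audit a Mac for the state CVE-2017-13872 leaves behind.
# Assumption: a disabled root account reads "Password: *" with no ShadowHash
# entry in AuthenticationAuthority (stock macOS behaviour).

# root_state TEXT -> disabled | enabled | unknown
# TEXT is the output of: dscl . -read /Users/root Password AuthenticationAuthority
root_state() {
    pw=$(printf '%s\n' "$1" | awk '$1 == "Password:" { print $2; exit }')
    if [ -z "$pw" ]; then
        echo unknown            # record unreadable or attribute missing
    elif [ "$pw" = "*" ] && ! printf '%s\n' "$1" | grep -q 'ShadowHash'; then
        echo disabled           # no password material: root cannot log in
    else
        echo enabled            # root has a credential record: investigate
    fi
}

# in_affected_range VERSION -> exit 0 for the releases the article names
in_affected_range() {
    case "$1" in
        10.13|10.13.0|10.13.1) return 0 ;;   # sw_vers prints 10.13 for 10.13.0
        *) return 1 ;;
    esac
}

audit() {
    ver=$(sw_vers -productVersion)
    rec=$(dscl . -read /Users/root Password AuthenticationAuthority 2>&1)
    state=$(root_state "$rec")
    echo "macOS $ver, root account: $state"
    if in_affected_range "$ver"; then
        echo "Release is in the affected range; confirm Apple's patch is installed."
    fi
    [ "$state" = "disabled" ]   # non-zero exit when root is enabled or unknown
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_CLEAN='Password: *
No such key: AuthenticationAuthority'
SAMPLE_ENABLED='Password: ********
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# Run the live audit only where the macOS tools exist.
if command -v dscl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    audit || echo "Root is not in its default disabled state."
fi
```

An `enabled` result on a Mac where nobody deliberately turned on the root user is the finding to follow up.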