• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 15th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Apple News

macOS High Sierra bug lets anyone unlock Mac without password

November 29th, 2017 Waqas Security, Apple News 0 comments
macOS High Sierra bug lets anyone unlock Mac without password
Share on FacebookShare on Twitter

Apple’s Latest OS High Sierra Plagued With Critical Security Vulnerability Allowing Anyone To Login Into Mac Without A Password.

Lemi Ergin, a Turkey-based software developer has discovered a critical security bug in Apple’s recently released operating system macOS High Sierra. The flaw was revealed to the public via Twitter.

According to his tweet, this flaw is highly dangerous because through exploiting it, anyone using Mac device can get admin rights by simply clicking on another button on the login screen and entering “root” in the username tab. It is worth noting that no password is required to gain admin access to a Mac device if username ‘root’ is entered and Enter key is clicked a few times instead of entering the password.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

Moreover, if the same username is used in System Preferences, then it will be possible to get admin access and change settings on a locked Mac device. This means, if a Mac device is left unattended then it would allow anyone to become system administrator without needing any verification. Even if the device is remotely accessed, it would give away admin rights and thus, an attacker can obtain sensitive information stored on the device.

Ergin further revealed that the bug is identified in macOS High Sierra version 10.13.1 and the macOS 10.13.2 beta. Older versions of this operating system such as Sierra and El Capitan are spared of this bug.

Apple has admitted that the bug is indeed present in its latest OS and has issued a statement that the company is already working on releasing a security update for the OS as soon as possible. In the meantime, users can enable password protection for root username to fix the issue temporarily. Apple’s rep stated: “Setting a root password prevents unauthorized access to your Mac.”

This flaw was reported about two weeks back at Apple support forums, but the company regarded as a workaround to fix issues with the computer and denied that it was a security threat. On the other hand, security experts have criticised Ergin for not following the Responsible Disclosure guidelines while dealing with critical security vulnerabilities as he chose to reveal it to the public via Twitter.

This is the second time in last two months that Apple is in news for all the wrong reasons. In October, a critical bug was discovered in Mac devices that displayed device password rather than a hint in plain-text format. 

  • Tags
  • Apple
  • Bug
  • Flaw
  • hacking
  • internet
  • Mac
  • Password
  • Privacy
  • security
  • Technology
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Gone in Seconds: Hackers Steal Mercedes Car without Key
Next article Unprotected S3 Cloud Bucket Exposed 100GB of Classified NSA Data
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells

FBI accessing computers across US to remove malicious web shells

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Unpatched MS Exchange servers hit by cryptojacking malware
Security

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data
Leaks

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells
Security

FBI accessing computers across US to remove malicious web shells

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us