A high–profile Apple vulnerability in High Sierra allows anyone to login as root without providing any password. Apple has released an update to address the flaw in it’s MacOS X 10.13; if you’re unable to update, set a root password for devices running the operating system.

The vulnerability is trivial to exploit. Simply enter the username “root,” leave the password field empty and click unlock a handful of times, blammo — you’re an admin. While the attacker would have to have physical or remote desktop access to the machine, if successful, they could do what they please.

Apple, thankfully, has swept this embarrassing oversight under the rug quickly.


About the Skybox Research Lab

The Skybox™ Research Lab is the force behind Skybox’s threat-centric intelligence used throughout our suite. Our team of security analysts scours data from more than 30 leading public and private security feeds as well as more than 700,000 sites on the dark web. The result is the most accurate vulnerability analysis based on Skybox-certified intelligence of the current threat landscape – delivered to customers daily.

Related Posts

ZNIU — Mobile Malware and Dirty COW: How a Dirty COW steals your information and your money.

Dirty COW (CVE-2016-5195) was described as the “most serious Linux local privilege escalation ever” when it was first disclosed and observed in active exploits in October of 2016. Though it was quickly patched once discovered, the bug had remained undetected for a stunning nine years in nearly all versions of the Linux OS.

BlueBorne Threatens 5.3 Billion Devices: Eight zero–day vulnerabilities have been announced affecting Android, iOS, Windows and Linux devices

While not observed in the wild, the BlueBorne wormable Bluetooth attack could impact more than 5.3 billion devices. Security researchers discovered eight zero–day vulnerabilities in Bluetooth protocol used in Android, iOS, Windows and Linux devices* — including mobile phones, laptops, desktops and other IoT devices.