Soon after Ergin's tweet, a flood of security researchers and writers confirmed the bug works as described - whether attempting to access an administrator's account on an unlocked Mac, or trying to gain access via the login screen of a locked Mac. This blocks the bug from creating another root account.
Ben Johnson, the chief technology officer of Obsidian Security and a former U.S. National Security Agency computer scientist, described the flaw to IBT as "a hacker's dream".
The level of unbridled access this security hole permits - and it abruptly being made public - will nearly certainly prompt Apple to move fast in releasing an update for its Mac operating system. Such was the case with Apple and macOS High Sierra.
CNET independently confirmed this security flaw exists and reached out to Apple about the issue. A spokesperson for Apple was not immediately available for comment.
Users can click on the login options button, then select the join network account server option.
macOS High Sierra security vulnerability discovered, here's how to set root password for fix
Let's make this clear: this is a huge mistake on Apple's part, even if there's a relatively simple fix.
After going through the above steps, the attacker can then log out, and choose the "Other" option that appears on the login screen. They can change any users' password, allowing them to log in and access things like email and browser passwords.
Some users are reporting that you can change your root password to fix the issue, but Apple has not issued official guidance yet.
You can patch this problem right now by creating a root account manually and giving it a secure password.
Click in the Directory Utility window, then enter an administrator name and password. In another lapse, Directory Utility lets you set the root password to blank - just leave both fields empty and click OK.
- Will the Real CFPB Acting Director Please Stand Up?
- Government unveils industrial strategy
- Trump criticizes CNN for 'representing USA poorly to the world'
- USA plane INTERCEPTED by fighter jet close to Russian border
- Matt Ryan tops 300 passing yards in Falcons' win
- White House is reportedly considering banning personal phone use at work
- Derrick Rose Taking Leave From Cavs, Contemplating Retirement
- Jennifer Lawrence, Darren Aronofsky remain good friends following split
- Trump Expressed Disbelief At Ivanka's Criticism Of Roy Moore
- Tuesday marks the sixth year of the Giving Tuesday Holiday