Stupid, stupid MacOS security flaw grants admin access to anyone | #Apple #CyberSecurity #Naivety #Awareness #NobodyIsPerfect  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From www.zdnet.com - November 28, 2017 6:05 PM
Apple, Apple, Apple. What are we going to do with you? In your most recent High Sierra macOS release, it turns out you've given a way for any local user to take over a Mac -- lock, stock, and two smoking barrels.

This exploit doesn't require any mad NSA-type hacker skillz. All you have to do is go to System Preferences, then Users and Groups, and click the lock to make changes. Then, enter "root" as your username without a password. Shazam! You're in.

As on any Unix/Linux-based system, the root user can control all administration functions and can read and write to any file system, including those of other users. In theory, root is disabled on Apple systems unless expressly authorized. Wrong!

Once in, you can edit your own permissions. For example, want to give yourself administrator privileges? Sure! Or, you can set up new administration-level accounts. Once you've done that, you can do anything your heart desires within the system.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security