https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4019#M398 <P>Something strange is going on with this patch. I applied it yesterday after reading this post (thanks again) and this morning it installed again.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.jpeg" style="width: 999px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/1763i65A424B015BC7187/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.jpeg" alt="Untitled.jpeg" /></span></P> Thu, 30 Nov 2017 14:30:15 GMT kpinkham 2017-11-30T14:30:15Z https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/3997#M387 <P>This is catastrophic in terms of the privilege escalation threat/impact to Apple&nbsp;endpoints running High Sierra.</P><P>&nbsp;</P><P>It does have a patch coming, and there is s work round(set root password - highly recommended).</P><P>&nbsp;</P><P>More details alvailble here:</P><P>&nbsp;</P><P><A href="http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/&nbsp;" target="_blank">http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/&nbsp;</A></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Nov 2017 04:28:39 GMT https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/3997#M387 Early_Adopter 2017-11-29T04:28:39Z https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4000#M389 Combined with the keychain password leakage vuln (<A href="https://m.slashdot.org/story/331681" target="_blank">https://m.slashdot.org/story/331681</A>) that was discovered on release day, it just makes me remember to take most of their posturing about security with a grain of salt. No system is secure, they all just exist at varying levels of insecurity. Wed, 29 Nov 2017 12:54:03 GMT https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4000#M389 Badfilemagic 2017-11-29T12:54:03Z https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4009#M394 <P>Looks like the original link is broken or was changed, thank you for sharing.</P><P>&nbsp;</P><P><A href="https://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/" target="_self">https://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/</A></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Nov 2017 22:34:08 GMT https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4009#M394 kpinkham 2017-11-29T22:34:08Z https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4019#M398 <P>Something strange is going on with this patch. I applied it yesterday after reading this post (thanks again) and this morning it installed again.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.jpeg" style="width: 999px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/1763i65A424B015BC7187/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.jpeg" alt="Untitled.jpeg" /></span></P> Thu, 30 Nov 2017 14:30:15 GMT https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4019#M398 kpinkham 2017-11-30T14:30:15Z https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4021#M400 <P>Yes thank you. One wonders if the&nbsp;'root_access_bypass_macos_high_sierra' but of the URL sounded too much like a useful feature?</P> Thu, 30 Nov 2017 14:55:51 GMT https://community.isc2.org/t5/Industry-News/Apple-root-password-privilege-escalation-bug/m-p/4021#M400 Early_Adopter 2017-11-30T14:55:51Z