Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Early_Adopter
Community Champion
‎11-28-2017 11:28 PM
‎11-28-2017 11:28 PM

Apple root password privilege escalation bug

This is catastrophic in terms of the privilege escalation threat/impact to Apple endpoints running High Sierra.

 

It does have a patch coming, and there is s work round(set root password - highly recommended).

 

More details alvailble here:

 

http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/ 

 

 

Reply
4 Replies
Badfilemagic
Contributor II
‎11-29-2017 07:54 AM
‎11-29-2017 07:54 AM

Combined with the keychain password leakage vuln (https://m.slashdot.org/story/331681) that was discovered on release day, it just makes me remember to take most of their posturing about security with a grain of salt. No system is secure, they all just exist at varying levels of insecurity.
-- wdf//CISSP, CSSLP
Reply
kpinkham
Newcomer II
‎11-29-2017 05:34 PM
‎11-29-2017 05:34 PM

Looks like the original link is broken or was changed, thank you for sharing.

 

https://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/

 

 

Reply
kpinkham
Newcomer II
‎11-30-2017 09:30 AM
‎11-30-2017 09:30 AM

Something strange is going on with this patch. I applied it yesterday after reading this post (thanks again) and this morning it installed again.

Untitled.jpeg

Reply
0 Kudos
Early_Adopter
Community Champion
‎11-30-2017 09:55 AM
‎11-30-2017 09:55 AM

Yes thank you. One wonders if the 'root_access_bypass_macos_high_sierra' but of the URL sounded too much like a useful feature?

Reply
0 Kudos