cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

Apple root password privilege escalation bug

This is catastrophic in terms of the privilege escalation threat/impact to Apple endpoints running High Sierra.

 

It does have a patch coming, and there is s work round(set root password - highly recommended).

 

More details alvailble here:

 

http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/ 

 

 

4 Replies
Contributor II

Re: Apple root password privilege escalation bug

Combined with the keychain password leakage vuln (https://m.slashdot.org/story/331681) that was discovered on release day, it just makes me remember to take most of their posturing about security with a grain of salt. No system is secure, they all just exist at varying levels of insecurity.
-- wdf//CISSP, CSSLP
Newcomer II

Re: Apple root password privilege escalation bug

Looks like the original link is broken or was changed, thank you for sharing.

 

https://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/

 

 

Highlighted
Newcomer II

Re: Apple root password privilege escalation bug

Something strange is going on with this patch. I applied it yesterday after reading this post (thanks again) and this morning it installed again.

Untitled.jpeg

Community Champion

Re: Apple root password privilege escalation bug

Yes thank you. One wonders if the 'root_access_bypass_macos_high_sierra' but of the URL sounded too much like a useful feature?