Anyone Can Hack MacOS High Sierra Just by Typing "Root"


Post

https://www.wired.com/story/macos-high- ... hack-root/


This is seriously f**ked. I hope some people at Apple are getting fired for this and we'll see a fix by tomorrow..

I've personally tested this and can confirm it does work.


Article from Wired is below to prevent you from getting spammed by their 100+ ad trackers.

"THERE ARE HACKABLE security flaws in software. And then there are those that don't even require hacking at all—just a knock on the door, and asking to be let in. Apple's macOS High Sierra has the second kind.

On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system's security protections. Anyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users can simply type "root" as a username, leave the password field blank, click "unlock" twice, and immediately gain full access.

In other words, the bug allows any rogue user that gets the slightest foothold on a target computer to gain the deepest level of access to a computer, known as "root" privileges. Malware designed to exploit the trick could also fully install itself deep within the computer, no password required.

"We always see malware trying to escalate privileges and get root access," says Patrick Wardle, a security researcher with Synack. "This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter."

As word of the security vulnerability rippled across Twitter and other social media, a few security researchers found they couldn't replicate the issue, but others captured and posted video demonstrations of the attack, like Wardle's GIF below, and another that shows security researcher Amit Serper logging into a logged-out account. WIRED also independently confirmed the bug.

The fact that the attack could be used on a logged-out account raises the possibility that someone with physical access could exploit it just as easily as malware, points out Thomas Reed, an Apple-focused security researcher with MalwareBytes. They could, for instance, use the attack to gain root access to a logged-out machine, set a root password, and then regain access to a machine at any time. "Oooh, boy, this is a doozy," says Reed. "So, if someone did this to a Mac sitting on a desk in an office, they could come back later and do whatever they wanted."

Reed also notes, however—and other researchers confirm—that it's possible to block the attack simply by setting a password for the root user. If you've installed High Sierra and haven't set a root password, you should do it now. In a statement, Apple confirmed the problem, reiterated that short-term fix, and promised a longer-term software patch: "We are working on a software update to address this issue," an Apple spokesperson wrote.[1]

High Sierra's "root" bug was first revealed by Turkish software developer Lemi Orhan Ergin, who says security staff at his company stumbled on the issue while trying to help a user get back into their account. "They informed me and tried on my machine too. And I saw the security issue with my eyes. That was scary," Ergin says.

The face-palm worthy bug is only the latest in a disturbing series that have plagued High Sierra. On the day the operating system launched, Wardle found that malicious code running on the operating system could steal the contents of its keychain without a password. And another shocking bug showed the user's password as a password hint when they try to unlock an encrypted partition on their machine known as an APFS container.

Wardle argues that those flaws might have been caught earlier if Apple offered a "bug bounty" for information about security vulnerabilities in its desktop software, just as most other companies do. Apple does have a bug bounty, but only for iOS, not MacOS. "A bug bounty program is a no-brainer. Maybe this is something that will encourage them to go down that path," Wardle says. "It's crazy these kinds of bugs keep blowing up. I don't know if I should laugh or cry."

[1] Corrected 11/28/2017 11:30pm EST to note that the short term fix for High Sierra's security flaw is to set a root password, not to either set that password or disable root access, as this article had originally stated."
:borg:

Post

But macs can't get viruses :lol:

Post

funky lime wrote: But macs can't get viruses :lol:

Yah I know right?

I've fortified my Mac with a 3rd party antivirus and firewall.
Last edited by V0RT3X on Wed Nov 29, 2017 7:14 am, edited 1 time in total.
:borg:

Post

A trojan tagged "Komplex" exploited a vulnerability in the MacKeeper antivirus app!
Telemarketers call me weekly to sell me Windows trojans.
Be safe!
s a v e
y o u r
f l o w

Post

Michael L wrote: A trojan tagged "Komplex" exploited a vulnerability in the MacKeeper antivirus app!
Telemarketers call me weekly to sell me Windows trojans.
Be safe!

Do not install MacKeeper. I've avoided this like a plague after reading plenty on it.
https://discussions.apple.com/docs/DOC-3036

I've been using Bitdefender.
Last edited by V0RT3X on Wed Nov 29, 2017 7:15 am, edited 1 time in total.
:borg:

Post

MacKeeper is a scam app anyway

Is this really just HS or have people tested other OS-X versions too?

Post

aMUSEd wrote: MacKeeper is a scam app anyway

Is this really just HS or have people tested other OS-X versions too?

Not sure about other versions, but if you have HS then I suggest you test this out yourself.


Check out the developer of Objective-see's Twitter account for more info.

https://twitter.com/patrickwardle


*Update* Just reading the article.. and apparently this exploit works remotely too :scared:
Last edited by V0RT3X on Wed Nov 29, 2017 7:20 am, edited 2 times in total.
:borg:

Post

I don't have HS

Post

aMUSEd wrote: I don't have HS

Good, you probably want to hold off getting it until Apple get this shit show fixed.
:borg:

Post

But I'm wondering if they haven't checked it doesn't affect the earlier versions just because they're only bothered about the new one?

Post

I'm no Apple user - so can someone give insight on all the fuss on this?
There is a root account that has an empty password, so you can login as root with empty password.
That is same on my Ubuntu, Debian, Fedora & co. If root account has empty password, I can login as root with empty password.
What's the bug on this?


Post

:clap: :clap: :clap: apple :clap: :clap: :clap:

Way too much panic.... unless you let strangers into your house to use your computer it's fine.... I'd be more worried about all the stuff that needs "fixing" whenever you update

Post

Doesn't work for German Macs. And I wouldn't be surprised if it doesn't work for other Macs either. Also, the way this bug was "reported" is just awesome, and so typical for the times we're living in. :D Guy "contacted" Apple support via Twitter...

Post

chk071 wrote: Doesn't work for German Macs.

Only sort of... You need to type "Wurzel" instead of "root" for the user id :lol:
We are the KVR collective. Resistance is futile. You will be assimilated.
My MusicCalc is served over https!!
