Serious macOS flaw in High Sierra allows attackers to log in as root

An Apple macOS flaw in High Sierra could allow an attacker to bypass any authentication dialog, including signing in to a system as a full root user.

A security issue in Apple's macOS High Sierra could allow an attacker to bypass any authentication dialog and even sign in as a root user.

The macOS flaw gained visibility after Lemi Orhan Ergin, agile software craftsman at payment platform vendor Iyzico, based in Istanbul, Turkey, tweeted about it Tuesday. Ergin asked Apple on Twitter if it was aware of an authentication bypass issue in its desktop operating system that could allow anyone with physical access to a target system to "login as 'root' with empty password after clicking on login button several times."

However, it wasn't the first time the issue was brought up. Ergin said in a Medium post that the infrastructure team at his company brought the macOS flaw to his attention on Nov. 23rd and there have been Apple Developer Forums posts about the issue as far back as Nov. 13th.

Tim Erlin, vice president of product management and strategy at Tripwire, criticized Ergin for his tweet.

"Failing to follow responsible disclosure guidelines puts everyone at greater risk," Erlin told SearchSecurity. "Public disclosure like this, especially with a major vulnerability, ensures the widest possible distribution of the information among malicious attackers, and instills a sense of urgency to attack before a patch is available."

Xavier Mertens, security consultant for SANS Internet Storm Center, said in an alert a "quick fix" would be to create a password for the root user.

Apple released a patch for the macOS flaw Wednesday and said the issue was due to "a logic error [that] existed in the validation of credentials. This was addressed with improved credential validation."

Potential other vectors

Will Dormann, senior vulnerability analyst at CERT, found the macOS flaw could be remotely exploitable if Apple's Remote Desktop system is enabled, and "that gives full interactive remote root access to a system, without requiring a password."

Additionally, Thomas Reed, a recognized Mac evangelist at Malwarebytes Labs, found this latest macOS flaw "works with any authentication dialog in High Sierra."

"On a Unix system, such as macOS, there is one user to rule them all. The root user is given the power to change anything on the system. There are some exceptions to that on recent versions of macOS, but even so, the root user is the single most powerful user with more control over the system than any other," Reed wrote in a blog post. "Being able to authenticate as the root user without a password is serious, but unfortunately, the problem gets worse. After this has (sic) bug has been triggered, it turns out you can do anything as root on the first try, without a password."

Reed added that while this macOS flaw could allow someone to log in to a system locally, or remotely if Remote Desktop is turned on, and be able to "do whatever they want, including accessing your files, installing spyware, you name it," there is a way to protect data.

"If you have your Mac's hard drive encrypted with FileVault, this will prevent the attacker from having a persistent backdoor," Reed wrote. "In order to log in, the attacker would have to know the password that will unlock FileVault. Not even the all-powerful root user can access an encrypted FileVault drive without the password."

What do you think about this root user issue in macOS High Sierra?

Only if MAC users release control in settings to public! Which by the way can be done on any computer or device.

My understanding for over ten years of using Mac OS X is that root is disabled by default. I assumed my machine was safe, so thought I'd look into this. Turns out root is still disabled on my machine as I always thought. I think this will be true for most Macs out there. You have to go to some trouble to enable root, and I think this will only be done by system-level developers for very good reasons.

So this seems an exploit that will affect very few people and they will be people who know what they are doing at this level anyway, probably writing software that could wipe out the machine anyway.

This reads like a junior developer was allowed to make small changes, but instead created a large amount of changes. Then the senior programmer proof reader did not kick back the large changes that the junior developer did.

Both should be laid off permanently.

This reads like a junior developer was allowed to make small changes, but instead created a large amount of changes. Then the senior programmer proof reader did not kick back the large changes that the junior developer did.

Both should be permanently laid off.
