Apple Vulnerability Allows Root Login Without Password

Marina Kidron Nov 29, 20176

A high–profile Apple vulnerability in High Sierra allows anyone to login as root without providing any password. Apple has released an update to address the flaw in it’s MacOS X 10.13; if you’re unable to update, set a root password for devices running the operating system.

The vulnerability is trivial to exploit. Simply enter the username “root,” leave the password field empty and click unlock a handful of times, blammo — you’re an admin. While the attacker would have to have physical or remote desktop access to the machine, if successful, they could do what they please.

Apple, thankfully, has swept this embarrassing oversight under the rug quickly.

  • About the Skybox Research Lab

The Skybox™ Research Lab is the force behind Skybox’s threat-centric intelligence used throughout our suite. Our team of security analysts scours data from more than 30 leading public and private security feeds as well as more than 700,000 sites on the dark web. The result is the most accurate vulnerability analysis based on Skybox-certified intelligence of the current threat landscape – delivered to customers daily.

Related Posts

ZNIU — Mobile Malware and Dirty COW: How a Dirty COW steals your information and your money.

Dirty COW (CVE-2016-5195) was described as the “most serious Linux local privilege escalation ever” when it was first disclosed and observed in active exploits in October of 2016. Though it was quickly patched once discovered, the bug had remained undetected for a stunning nine years in nearly all versions of the Linux OS.

BlueBorne Threatens 5.3 Billion Devices: Eight zero–day vulnerabilities have been announced affecting Android, iOS, Windows and Linux devices

While not observed in the wild, the BlueBorne wormable Bluetooth attack could impact more than 5.3 billion devices. Security researchers discovered eight zero–day vulnerabilities in Bluetooth protocol used in Android, iOS, Windows and Linux devices* — including mobile phones, laptops, desktops and other IoT devices.

Marina Kidron is Skybox Security's director of threat intelligence and leader of the Skybox Research Lab, a dedicated team of analysts who daily scour dozens of security feeds and sources and investigate sites in the dark web. Kidron has more than 10 years of experience in business and statistical data analysis, data modeling and algorithms development for information technology, mobile and internet companies and financial services companies. She earned a Master's degree in Political Marketing, and a Bachelor degree in Computer Science and Mathematics.

Recent Posts

Functional silos create dysfunctional OT security
Read More
What’s new in the Skybox Security version 11.5 release
Read More
Cryptomining is hottest new malware type, research reveals
Read More
Three ways to modernize your OT security programs
Read More
How to manage third-party cyber risk in banking and financial services
Read More
Vulnerability and Threat Trends Report highlights the importance of cyber exposure analysis that goes beyond CVSS rating
Read More