MacOS High Sierra Simplified Hack

To many ads? Support ODJT and see no ads!

steve149

Shine on you crazy diamond
Staff member
Sep 26, 2011
28,175
45,944
Connecticut
It appears someone at Apple messed up big time .. you can get root level access on many (if not most) Macs running High Sierra by simply logging in as "Root" with no password. Seems to work in malware as well ..

so those who run Macs .. be careful until they fix this ... Anyone Can Hack MacOS High Sierra Just by Typing "Root"
 
One of the reasons I'm not on HS yet. ;) They've had support issues as well (Serato just released their latest version, which is compatible with HS).

In truth, if properly setup, users should be creating a password for their root accounts, which would avoid this problem. This is no different than using an Admin level account (which is root) on Windows as your daily account and with either no password or autologin - and this happens EVERY DAY.

'researchers confirm—that it's possible to block the attack by either setting a password for the root user, or disabling root access altogether' - similarly stated for MS, this would be 'researchers confirm—that it's possible to block the attack by either setting a password for the admin user, or disabling admin level as a daily use account'.

One of the differences is that Mac has 3 levels of security, while MS only has 2. The Mac has general users, system admins and then root. MS has general users and admin (root). From a security aspect, unless needed, root should be disabled on Mac's - and by default, is a hidden account to protect it from users using it as their everyday account.

In any environment, security is only as strong as the weakest link.
 
Last edited:
I know it happens more so on Windows boxes ... this was just for those who might still cling to the "Macs can't get viruses" thought process.
 
If setup properly, they can't. :)

Many have tons of viruses - but they're all for MS boxes. ;)

Likewise, a properly configured MS box will ALSO see alot less problems (virus, trojans, etc).
 
  • Like
Reactions: ittigger
There's a couple of other problems with High Sierra. For one, Photobooth freezes making it useless. I also liked that when previewing an mp3 I could see the artwork (album cover). That doesn't work with HS.

One thing I do like is Siri being added. i.e. Instead of searching the applications folder I can just tell Siri what app to open. Don't have to bother with the calculator, just tell Siri 12 X 47 and the answer comes up.

Reinstalling Sierra isn't an easy task so I'll just wait for these goofs to get fixed.
 
  • Like
Reactions: ittigger
I don't use album covers or Siri so those have 0 effect for me. Rarely use Photobooth too - on the Mac anyways. :)
 
It appears someone at Apple messed up big time .. you can get root level access on many (if not most) Macs running High Sierra by simply logging in as "Root" with no password. Seems to work in malware as well ..

so those who run Macs .. be careful until they fix this ... Anyone Can Hack MacOS High Sierra Just by Typing "Root"

Isn't Ios a Unix derivative? If so, allowing anyone to gain root access is a GIGANTIC risk.
 
To elaborate on the issue. You CANNOT walk up to any machine and enter Root with no password and login.

First, a user account has to be compromised for access to the system. Then, the Root account must be disabled. What then happens is a script is run and the Root account is enabled with no password. To avoid this issue, you enable Root and give it a password. Simple as that.

As posted, there was a patch for HS released today.
 
  • Like
Reactions: Dan The Man