Mac OS X High sierra 10.13.1 logins without password a Big security Flaw
it turns out that apple mac os x high sierra 10.13 has a big security flaw that let log in to mac without password
so the user root will unlock your mac login in just seconds , which means that the some one may get all your passwords of your keychains . By heading to your device's System Preferences, under Users & Groups, you can click on the lock and get hit with a prompt asking for a username and password to change settings. Then, instead of entering a password, you can type in "root" for the username and leave the password field empty.
After clicking unlock several times, it should eventually open up, no passwords necessary. Lemi Orhan Ergin, the founder of Software Craftsmanship Turkey, discovered the security flaw and tweeted it out to Apple Support on Tuesday.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
CNET independently confirmed this security flaw exists.
"We are working on a software update to address this issue," an Apple spokesperson said. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."
The simple exploit means anybody with physical access to your MacOS High Sierra device can log in on your computer, no matter how secure your passwords are.
so in order to fix this i have made a tutorial hurry up and disable your root account .
No comments:
Post a Comment