How To: Protect Yourself from macOS High Sierra's Glaring Empty-Password Security Flaw

How To: Protect Yourself from macOS High Sierra's Glaring Empty-Password Security Flaw
There's a new macOS vulnerability that hackers within physical reach of your computer can use to gain root access to your system and accounts. Just by using "root" as the username and a blank password on a privilege escalation prompt, someone can install malware on your computer, access hidden files, reset your passwords, and more. Root access gives them the ability to do anything they want.Right now, this only appears to affect Mac users running macOS High Sierra 10.13.1.

How to See if Your System in VulnerableTo test if your system could be hacked, go to the "Users & Groups" section in "System Preferences," and click on the lock icon at the bottom of the pane to make changes. Remove your username and replace it with "root" instead. Next, click inside the password box, then hit the "Unlock" button.You may have to hit "Unlock" a few times to get it to unlock, but it will eventually work unless you manually set a root password on your Mac, which you likely didn't. This is just one example, but any security prompt asking for a username and password can be bypassed in this way, including on the login screen.

How to Protect Yourself from This Local HackTo protect yourself from this huge security flaw (CVE-2017-13872), install the Security Update 2017-001 from Apple immediately, which was issued on Wednesday, Nov. 29. Just open up the Mac App Store app, go to the "Updates" tab, then hit "Update" next to the security update. Apple states that "a logic error existed in the validation of credentials" in their description of the update's content.If you need root user access yourself, you'll have to re-enable and select a new password from the Directory Utility in System Preferences. Previously, before Apple released the patch, the only way to protect yourself (besides enabling the root user manually) was to make sure you were logged in as administrator and open up the Terminal app, which could be found in the "Utilities" folder in "Applications" or through a Spotlight search for it. Once there, you would do the following.Type sudo passwd -u root and hit enter. Enter your current admin password and hit enter. Enter a new password for root and hit enter. Re-enter the root password to confirm and hit enter. After using the trick above, if you try to use the "root" and blank password to gain root access on a privilege escalation prompt, it won't work, and you'll need to enter your new root password in. After updating with Apple's patch, it won't work either, but you also won't have a root password. If you used the Terminal trick or created a root password manually, make sure to remember your new root password or keep it in a password manager you can access from other devices. If you should lose it, it will be a difficult process to reset it should you need to.Follow Gadget Hacks on Facebook, Twitter, Google+, YouTube, and Instagram Follow WonderHowTo on Facebook, Twitter, Pinterest, and Google+
Cover photo, screenshots, and GIFs by Justin Meyers/Gadget Hacks



How to Copy and Paste on Your iPhone or iPad. This wikiHow teaches you how to duplicate text or images in one location and insert them elsewhere on your iPhone or iPad. Tap and hold on a word. This activates a window that magnifies the
The Scoop on How to Copy and Paste on an iPhone - Lifewire


How To: The Flashlight That Finally Lets You Adjust LED Brightness on Your Samsung Galaxy Note 2 How To: Root the Samsung Galaxy S6 & S6 Edge How To: Adjust the screen brightness settings on the Samsung Galaxy Tab News: Samsung's TouchWiz Updates Aren't as Bad as You Think
How to Really Auto Adjust the Brightness of Your Samsung


The best browser for your Mac is the one that comes with your Mac. Safari is faster and more energy efficient than other browsers. Handy tools help you save, find and share your favourite sites. Built-in privacy features help keep your browsing your business. And Safari works with iCloud to let you browse seamlessly across all your devices.


The Home screen is best known for its humble duty of serving your application icons to your fingertips on demand, but one element of it that often get overlooked in Apple's software redesigns is the page indicator just above the Dock.
20 of the best iPhone 6S wallpapers | TechRadar


Here's how to see every photo you've liked on Instagram. Under "Account," tap the words "Posts I've Liked." All the pictures you've ever liked will be sorted chronologically for easy access.
Where can I see recent photos and videos I've liked? - Instagram.


How to Bypass a Firewall or Internet Filter. This wikiHow teaches you how to view blocked websites or content on a restricted computer, as well as on a mobile item if you're using a Virtual Private Network (VPN).


5. if this is your first time using skype on the pad then you will have to sync your phone number to your account. 6. then search for your friends or add new ones to make calls. 7. if you do not see skype then you might have to go to the app store then download it as windows or windows mobile
Understanding and Using Windows 10 - HP® Customer Support


How To: Android's Built-In Scanner Only Catches 15% of Malicious Apps—Protect Yourself with One of These Better Alternatives How To: 3 Great Apps for Reverse Phone Number Lookup on Android News: The 4 Best Apps for Private, Encrypted Messaging on Android & iPhone
The Definitive Guide to Android Malware « Nexus 7 :: Gadget Hacks


A decision to upgrade or downgrade depends on which version of iOS is running on your iPhone or iPad. iOS 12.1.3. If you're on iOS 12.1.3 or iOS 12.2 beta, then you should downgrade to iOS 12.1.2 or iOS 12.1.1 before Apple stops signing iOS 12.1.2 or iOS 12.1.1.
iOS 6 Deleted My Text Messages and Imessages | News: Want to


Sending texts from your computer is extremely useful in dozens of situations. Perhaps you lost your phone and need to send a message to someone, maybe you're over your monthly text limit and
How to Send Text Messages Through Your Computer


But what if you never actually "post" it in the first place? Step 1: Download Facebook Undo. Download the free Chrome Extension Facebook Undo to enable the option to undo a post after you hit the "Post" button, just like you'd get with the Undo Send option in Gmail. The extension should install without the need to restart or refresh your page.
Think Your Deleted Facebook Posts Are Really - HotHardware


You are eligible for a full refund if no ShippingPass-eligible orders have been placed.You cannot receive a refund if you have placed a ShippingPass-eligible order.In this case, the Customer Care team will remove your account from auto-renewal to ensure you are not charged for an additional year and you can continue to use the subscription until the end of your subscription term.


Google Chrome is set to go dark soon, but if you can't wait, here's how to enable Google Chrome dark mode on Windows 10. Here's how to enable the hidden Google Chrome dark mode on Windows 10
How to Use a Dark Theme in Windows 10

0 comments:

Post a Comment