Don't Upgrade to macOS High Sierra because of this terrifying vulnerability: Nov. 2017
 |
| From Gil Shuler |
Anyone Can Hack MacOS High Sierra Just by Typing "Root"
-- WIRED (opens new window)
With this unique mix of unlimited power over the computer and the ease of implementation (type four easy to guess characters, click a couple of times), his is about as bad as it gets. You don't need mad skillz to take full control of any Mac running High Sierra.
From the article in WIRED:
"We always see malware trying to escalate privileges and get root access," says Patrick Wardle, a security researcher with Synack. "This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter."Apple has released a patch, which you should apply immediately if you are running macOS High Sierra already:
On Wednesday, about 18 hours after the bug was widely publicized, Apple announced a security update to High Sierra designed to fix the "root" flaw. "A logic error existed in the validation of credentials," Apple's update reads. "This was addressed with improved credential validation."But, if you didn't just get a new Mac at a recent Black Friday Sale or your favorite Apple Store, or you just haven't upgraded your old reliable Mac yet, at least wait until the patch for this bug has been confirmed. Or better yet, wait for another month or so. The new macOS is still going through some growing pains and there' no real reason to upgrade unless you have specific hardware support requirements.
Some other scary High Sierra security flaws include:
- Nasty Password-Pilfering Hack Ruins Apple macOS High Sierra Launch (Forbes, requires white listing on your ad blocker)
- User password displayed as the password hint when unlocking encrypted APFS file systems (Objective-See.com)
Be careful out there!
Comments