Root Security Flaw Allows Anyone To Become Root In Mac OS High Sierra

I can confirm the new root security flaw would affect Apple’s MacBook Pro 2016 model because I’m using one at the moment.  I can also confirm this same flaw would also work on my older MacBook Pro (Mid 2010 model).  Basically, as other people have mentioned, this flaw would work regardless of the MacBook laptop model you’re using, as long as you have upgraded your MacBook machine to Mac OS High Sierra.  As of now, the flaw is also affecting the latest version of Mac OS High Sierra (10.13.1).  How would the flaw work?  Read on…

I assume this flaw would still work even if you have turned on FileVault.  Basically, as long as your Mac allows anybody to enter the username root at the login screen or any login prompt (except in the terminal), he/she could just hit enter once or twice without using any password and the root login would be successful.  If you’re new to Mac and Linux, let’s just say that root is the super account that can do just about anything on Mac and Linux machines.  Root can change all users’ passwords.  In fact, root can even erase the entire machine’s storage and destroy the whole operating system with just one command, which is [rm -rf /].

I tested the flaw out as I’d seen on YouTube, and it worked marvelously.  Basically, I was already logged into the machine, and so I went to System Preferences > Users & Groups > clicked the lock icon at the bottom left > entered root at the username prompt > hit the “enter” key twice and became root right after.  From here I could change any user’s password or delete any user and group.  In fact, any login prompt would allow me to become root and execute the available super account’s features.

To fix this problem, as seen on YouTube, I opened up the terminal > typed in the command [sudo su] > entered the root password (hitting the enter key without a password won’t work in the terminal) > typed in the command [passwd] > entered the same root password or a new one (doesn’t matter as long as you type in a password you can remember) > exited the terminal entirely by typing [exit] a couple of times in the terminal > shut down the terminal by quitting it from the dock.  After this, I tried the root flaw and it wouldn’t work on the graphical user interface such as in System Preferences.  Thus, I think the fix is real.

Here is one secret I would let you guys in on.  Actually, this flaw isn’t a flaw.  Apple has always been easygoing in regard to allowing people to physically reset a user password.  In fact, you can also reset a root password of your Mac for as long as the Mac has been in existence, because in the video right after the break I’d talked about how to reset an administrator password in Mac OS X Lion without remembering the root password or using a recovery disk.  By the way, Mac OS X Lion is from way back then.  I think Mac OS X Lion was released in 2011.

Since 2011-2012, I haven’t tested the trick I talked about in the video, and so I’m very rusty now.  I’m not even sure the same trick would work exactly the same way as I had walked you through in the video for newer machines and newer Mac OS iterations.  Regardless, I think even now there should be some similar tricks for you to reset an administrator/root password on any Mac OS as long as you have physical access to the machine.  Maybe FileVault would be able to stop and block the trick I’d shown you in the video from working successfully, but I’m not sure if this is even the case since I haven’t tested this very trick out with FileVault running.  So, I think the best security is still all about keeping your machine in a locked cage when you’re not around it.  Keeping a physical machine away from unwanted intruders/hackers would be the best way to stop easy hacks.  Regardless, sometimes remote hacks could also be as easy as the root flaw I’d mentioned in this post.

Smart Cover Security Flaw For iOS 5 On iPad 2

The iPad 2, which uses iOS 5, has a major security flaw in regard to the use of the Smart Cover.  The Smart Cover is able to unlock the password protected lock screen to reveal only the most recently opened application.  Fortunately, this flaw won’t allow the exploration of everything else there is on the iPad 2, because the password protected lock screen returns after someone exits the recently opened application.  If this is unclear, you can check out the video right after the break to get a better understanding of the iPad 2’s Smart Cover iOS 5 security flaw.

You can disable the iPad Cover Lock / Unlock feature to temporarily fix the Smart Cover iOS 5 security flaw.  Here is how to disable the iPad Cover Lock / Unlock feature:

  1. Go into Settings
  2. Go to General
  3. Switch iPad Cover Lock / Unlock from On to Off

Want to know how to repeat the Smart Cover iOS 5 security flaw on iPad 2?  Here is how:

  1. Open up an app such as Reminders
  2. Push the power button once to turn off the iPad 2 screen
  3. Push the power button again to make sure the lock screen is on
  4. Slide the “slide to unlock” slider to expose the password request screen
  5. Get out of the password request screen
  6. Hold down the power button till you see the slider which asks you to slide to power off the iPad 2.  Don’t slide it!
  7. Cover up the iPad 2 with the Smart Cover; the Smart Cover has to be secured to the iPad 2 correctly.
  8. Uncover the iPad 2 by lifting the Smart Cover to the back side of the iPad 2.
  9. Hit the cancel button to reveal the current/recently opened application, which is Reminders.  You will notice that you can also use Reminders as usual.  The password protected lock screen will reappear when you get out of the Reminders app.
  10. Until you unlock the password protected lock screen, repeating the same process a second time won’t work and reveals only a black screen.  To reenact this security flaw process again, you have to unlock the lock screen first by entering the correct password.

Source:  http://9to5mac.com/2011/10/20/anyone-with-a-smart-cover-can-break-into-your-ipad-2/