
An easily exploitable vulnerability in the latest version of macOS (10.13) allows a user to create a root account and gain admin access without a password.

The bug can be exploited by anyone who has physical access to the system. The attacker just needs to enter root in the username field, leave the password field blank and repeatedly click the enter button. The bug cannot be exploited remotely unless remote access has been granted to the system.

Lemi Orhan Ergin, a Turkish software developer, discovered the critical vulnerability and disclosed it publicly via Twitter.

Below are the steps for logging in as the root user without a password:
  1. Open System Preferences in macOS
  2. Go to Users & Groups
  3. Select the lock icon in the bottom-left corner of the window
  4. Enter root in the username field
  5. Move the cursor to the password field
  6. Repeatedly click the enter button until the user is created
That's it; you are logged in as the root user, with permission to read and write files, including files of other accounts, to delete crucial system files, and to install malware.

However, the bug cannot be exploited if the Mac machine is turned on and protected with a password.

Apple has responded to the matter in a statement: “We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

How to set a password for the root user:
  1. Open System Preferences and click Users & Groups (or Accounts).
  2. Click on the lock icon and enter an administrator name and password.
  3. Click Login Options and select Join.
  4. Click Open Directory Utility.
  5. Click the lock icon in the Directory Utility window and enter an administrator name and password.
  6. From the menu bar in Directory Utility, choose Edit.
  7. Select Enable Root User and enter a root password.
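
The script below is an added example, not part of the original article or Apple's instructions. It checks from the command line whether the root account has been enabled, so you know whether the "blank password" case in Apple's statement applies to a given Mac. It assumes that a disabled root account has no AuthenticationAuthority attribute in its directory record and that an enabled one carries a ";ShadowHash;" entry; the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the macOS root account is enabled, based on
# the output of `dscl . -read /Users/root AuthenticationAuthority`.
# Assumption: disabled root -> "No such key: AuthenticationAuthority";
#             enabled root  -> a value containing ";ShadowHash;".

# classify_root_record: read dscl output on stdin, print enabled|disabled|unknown
classify_root_record() {
    record=$(cat)
    case "$record" in
        *";ShadowHash;"*)                         echo enabled ;;
        *"No such key: AuthenticationAuthority"*) echo disabled ;;
        *)                                        echo unknown ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# check_root_account: query the live record on a Mac; "unknown" elsewhere.
check_root_account() {
    if command -v dscl >/dev/null 2>&1; then
        dscl . -read /Users/root AuthenticationAuthority 2>&1 | classify_root_record
    else
        echo unknown
    fi
}

# Usage on a Mac: sh check_root.sh --check
if [ "${1:-}" = "--check" ]; then
    state=$(check_root_account)
    echo "root account: $state"
    if [ "$state" = "enabled" ]; then
        # An enabled root account must not be left with a blank password.
        echo "Set or change the root password now: sudo passwd root"
    fi
fi
```

The record shows only whether root is enabled, not whether its password is blank, so an "enabled" result on a machine where nobody deliberately enabled root should be followed by setting a new root password.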

In October, a bug was discovered in Apple macOS High Sierra 10.13 that revealed the user's encrypted drive password in the hint box. At the time of writing, Apple has released a security update to fix the bug. Users are requested to update their systems immediately.