On Tuesday (28) a Turkish programmer named Lemi Orhan Ergin, co-founder of Software Craftmanship Turkey was the one who discovered the flaw and tweeted the discovery that the password you put to protect your macOS Sierra account doesn't actually protect .
When the system asks for login confirmation, both to access the account and to disable the system's password protection, just use the username "root" and click the login button several times, at some point the operating system will accept credentials as legitimate and release access without typing a password.
Ergin demonstrates an example of what he did, he went to the system preferences, went to the users and groups section and clicked on the padlock to activate the changes made to the system. Afterwards, he performed the same procedure explained in the previous paragraph, managing to make the changes without typing his password.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) 28 de novembro de 2017With that, he notified Apple of the flaw and the company responded saying "We are working on a software update to fix this problem. In the meantime, set a root password to prevent unauthorized access to your Mac. To enable the Root User and set a password, please follow these instructions. If a Root User is already enabled, to ensure that a blank password is not set, please follow the instructions in the 'Change the root password' section."
Just tested the apple root login bug. You can log in as root even after the machi was rebooted pic.twitter.com/fTHZ7nkcUp
— Amit Serper (@0xAmit) November 28, 2017
- The best apps to download music on iPhone without piracy
- The Story of iOS [Updated iOS 12.1]
In September, a digital security expert also discovered a breach in the password management system (Access à Chaves) that allowed theft of logins. This issue has already been resolved by the manufacturer, but it is worth mentioning that this flaw in the latest version of Apple's system was no exception, as a new flaw has just been discovered.
