Twitter | Search | |
Lemi Orhan Ergin
Dear , we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it ?
Reply Retweet Like More
Lemi Orhan Ergin Nov 28
Replying to @AppleSupport @Apple
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable!
Reply Retweet Like
Apple Support Nov 28
Replying to @lemiorhan
Thanks for reaching out. Send us a DM, and we'll look further into this with you.
Reply Retweet Like
Gavin Will Nov 28
Replying to @lemiorhan @asanso and 2 others
Confirmed I can reproduce
Reply Retweet Like
Gavin Will Nov 28
Replying to @lemiorhan @asanso and 2 others
And can just login at main login screen with root and empty password
Reply Retweet Like
Vlad Filippov Nov 28
While you are fixing OS X, could you also make "Automatically adjust brightness" checkbox "off" state work again?
Reply Retweet Like
Brendan Davidson Nov 28
Reminds me of this gif
Reply Retweet Like
Themetris Nov 28
I doubt it. They're too busy adding emojis and shoehorning Siri into MacOS to notice actual problems.
Reply Retweet Like
Tomas Nov 28
Not even multiple times, just hit enter, and off it goes...
Reply Retweet Like
Michael Graziano Nov 28
Sometimes works the first time, sometimes takes a few tries. Something's rotten in the authentication layer!
Reply Retweet Like
Tomas Nov 28
And as someone else stated, I was even able to login from main login windows using root and no password just hit enter….serious bug!
Reply Retweet Like
Whitney Merrill Nov 28
Probably more effective if you had used their bug bounty program for reporting. Apple Support = tech support, not security vulnerability reporting:
Reply Retweet Like
Zeke Marffy Nov 28
They’re not the ones who “add” emojis. So many people don’t understand this…
Reply Retweet Like
Michael Linde Nov 28
Um, not on High Sierra machines at my work - are you sure that isn’t someone’s management setup (as bad as that is)?
Reply Retweet Like
The Register Nov 28
Replying to @mlinde @lemiorhan and 3 others
It works for us. This is not gr8.
Reply Retweet Like
Tim Gostony Nov 28
Replying to @mlinde @lemiorhan and 3 others
sadly just reproduced it on a mostly clean install
Reply Retweet Like
Thomas Fuchs 🦕 Nov 28
Reply Retweet Like
Chef's Kiss Megamix Nov 28
Reset your SMC.
Reply Retweet Like
Brian Hoffman Nov 28
wow this is so bad...
Reply Retweet Like
Bloonface Nov 28
Literally just tried it here too. Got straight in, first try.
Reply Retweet Like