Major Apple security flaw grants admin access on macOS High Sierra without password

Major Apple security flaw grants admin access on macOS High Sierra without password

7 years ago
Anonymous $ZOEEBQ1zf0

https://www.theverge.com/2017/11/28/16711782/apple-macos-high-sierra-critical-password-security-flaw

There seems to be a major flaw in Apple’s macOS High Sierra operating system that allows anyone with physical access to a Mac to gain system administrator access without so much as entering a password.

The vulnerability was publicly disclosed on Twitter this afternoon; it’s not clear whether the problem was privately reported to Apple ahead of time, which is the encouraged practice when security vulnerabilities are uncovered. (The company maintains an invite-only bug bounty program.) Despite its incredibly alarming simplicity, The Verge is not reproducing the steps to bypass High Sierra’s login screen here.