While Apple scrambles to issue a software fix for a major macOS High Sierra vulnerability, astute observers are wondering what took the company so long to react — after all, the problem was known about weeks ago.
It seems that on November 13, a commenter on an Apple developer forum disclosed the very vulnerability that today threw the infosec community into a frenzy. Oh, and it was called out 9 days ago on Twitter as well.
And just how bad is this security threat? Well, it's not good. Essentially, it gives anyone with access to an unlocked computer the ability to set themselves as the root user — as well as log back in later to the locked computer at a time of their choosing.
To execute the hack, you only needed to go to System Preferences > Users & Groups, then enter "root" as your user name while leaving the password field blank. Try this a few times until you have access. It's that simple. The exploit was first explained by Apple developer chethan177.
Again, chethan177 posted this on November 13. Apple only issued instructions on how to protect yourself against this on November 28.
Whether or not anyone tried to responsibly disclose the threat to Apple remains unclear. But the fact that this attack — which in some cases can be performed remotely — was known to some developers weeks before Apple issued a statement about it is sure to turn heads.
Mashable has reached out to Apple for comment and will update the story as soon as we hear back.