Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mardi 28 novembre 2017

UPDATE Unauthenticated Root Access in macOS High Sierra (CERT-EU Security Advisory 2017-026)

On November 28th, a security researcher Lemi Orhan Ergin has notified Apple about a serious security issue in macOS Hight Sierra. It appears that anyone can login as root by providing an empty password. The bypass works by putting the word root in the user name field of a login window, moving the cursor into the password field, and then hitting Enter with the password field empty. With that - after a few tries in some cases - the latest version of Apple's operating system logs the user in with root privileges.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 242

x

Événements SSI