Gain Root without Password - macOS Sierra

December 1, 2017

A critical vulnerability has been discovered in macOS High Sierra that allows any user to get root access on a Mac without a password.

To do this, you just type “root” into the username field, leave the password blank, and hit Enter a few times (two or more); access is granted immediately.

To carry out the exploit:

Open System Preferences -> Users & Groups -> Enter “root” in the username field -> Select the Password field and hit Enter multiple times.

Root access


What’s more, there’s no patch yet for this!

Makeshift fix to protect yourself:

-> Enable the root user with a password.

Follow the steps below:

System Preferences -> Users & Groups -> Enter your admin name and password there
Go to Login Options -> Join -> Open Directory Utility
Make changes and type your username and password -> Edit -> Enable Root User -> Set password

Additionally, disable Guest accounts on your Mac:

System Preferences -> Users & Groups -> Guest User -> Disable “Allow guests to log in to this computer”
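The two workaround settings above can also be checked from Terminal. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes the `dscl` and `defaults` output formats described in its comments.

```shell
#!/bin/sh
# Added example: audit the two workaround settings from the post.
# Assumed formats: dscl prints "No such key: AuthenticationAuthority" when root
# has no password record and a ";ShadowHash;" entry when it has one.

# Classify the root account from the dscl output passed as $1.
classify_root() {
    case "$1" in
        *ShadowHash*)    echo "root-password-record" ;;
        *"No such key"*) echo "root-no-password-record" ;;
        *)               echo "root-unknown" ;;
    esac
}

# Classify guest login from the GuestEnabled value passed as $1.
classify_guest() {
    case "$1" in
        1|true|YES) echo "guest-enabled" ;;
        0|false|NO) echo "guest-disabled" ;;
        *)          echo "guest-unknown" ;;
    esac
}

# Print one finding per setting; return 0 only if both match the workaround.
audit() {
    root_state=$(classify_root "$1")
    guest_state=$(classify_guest "$2")
    rc=0
    if [ "$root_state" = "root-password-record" ]; then
        # A record existing does not prove the password is non-empty.
        echo "root: password record present"
    else
        echo "root: $root_state, enable the root user and set a password"
        rc=1
    fi
    if [ "$guest_state" = "guest-disabled" ]; then
        echo "guest: login disabled"
    else
        echo "guest: $guest_state, disable guest login"
        rc=1
    fi
    return "$rc"
}

# On a Mac, audit the live values; elsewhere this block only defines functions.
if command -v dscl >/dev/null 2>&1; then
    audit "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)" \
          "$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null)" || true
fi
```

Run it as an admin user; a "root-unknown" or "guest-unknown" result means the setting should be confirmed in System Preferences.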
