Exploiting Browsers using PasteJacking and XSSJacking Vulnerability
November 15, 2017
Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers
December 1, 2017A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords.
In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and gain access immediately.
To carry out the exploit,
-> Open System Preferences-> Users & Groups -> Enter “root” in the username field-> Select Password field and hit enter multiple times.
Root access
What’s more, there’s no patch yet for this!
Make-shift fix to protect:
-> Enable the root user with a password.
Follow the below steps:
System Preferences -> Users & Groups -> Enter your admin name and password there
Go to Login Options -> Join -> Open Directory Utility”
Make changes and type your username and password -> Edit-> Enable Root User-> Set password
Additionally, disable Guest accounts on your Mac
System Preferences → Users & Groups-> Guest User-> Disable Allow guests to log in to this computer
