29 Nov
2017
29 Nov
'17
3:24 p.m.
Lol time to visit Apple Store El 29/11/17 a las 16:03, John Newman escribió:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
The title pretty much says it all - you can login as root with no password, or elevate to root privileges to make system changes with no password, on all the current MacOS High Sierra releases. There is a work around (I think you simply have to enable the root account, with a password), but man.. wtf !?
It shouldn't affect sshd - PermitRootLogin defaults to no. However it does appear to affect VNC / Apple Remote Desktop connections. LOL! How does something like this get past QA ?