macOS High Sierra “root” User is Enabled by Default with Blank Password

Apple will be issuing a Software Update to disable the “root” user, which is inadvertently enabled by default with a blank password in macOS High Sierra.

To disable the “root” user, follow the instructions from Apple or the instructions below:

Disable the root user
Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).

Click the Lock, then enter an administrator name and password.
Click Login Options.
Click Join (or Edit).
Click Open Directory Utility.
Click the Lock in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility: Choose Edit > Disable Root
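
A command-line way to confirm the result of the steps above, as an added example that is not from Apple or from this page. It assumes that a disabled root account has no AuthenticationAuthority attribute in its local directory record; the function name and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether the macOS root account is enabled.
# Assumption: a disabled root account has no AuthenticationAuthority
# attribute in its local directory record.

# Classify the text produced by:
#   dscl . -read /Users/root AuthenticationAuthority 2>&1
# Prints "enabled", "disabled" or "unknown".
classify_root_record() {
    record=$1
    case "$record" in
        *"AuthenticationAuthority:"*) echo "enabled" ;;
        *"No such key"*)              echo "disabled" ;;
        *)                            echo "unknown" ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# Run the live audit only where dscl exists (i.e. on macOS).
if command -v dscl >/dev/null 2>&1; then
    state=$(classify_root_record \
        "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)")
    echo "root account: $state"
    if [ "$state" = "enabled" ]; then
        # dsenableroot -d is the command-line equivalent of
        # Directory Utility's Edit > Disable Root.
        echo "Disable it with: dsenableroot -d"
    fi
else
    # Off macOS, show the classifier on the constructed samples.
    echo "sample (disabled): $(classify_root_record "$SAMPLE_DISABLED")"
    echo "sample (enabled):  $(classify_root_record "$SAMPLE_ENABLED")"
fi
```

Re-run the check after installing a system update to confirm the account is still disabled.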

In previous incarnations of macOS/OS X/Mac OS X, the “root” user is disabled by default.

Note:
Anyone with physical access to your Mac potentially can reset your password.

Root Access Vulnerability in macOS High Sierra

As reported by Juli Clover for MacRumors and numerous other sites:

The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

We verified that on macOS High Sierra 10.13.1, “root” user is enabled by default with blank password. For comparison, OS X El Capitan has “root” user disabled by default.

UPDATE:
We verified that previous versions of macOS/OS X/Mac OS X have “root” user disabled by default.

This is similar to the enabled-by-default-with-blank-password “administrator” accounts in Windows XP.

By having the “root” user enabled by default, a remote attacker can potentially compromise Macs running macOS High Sierra.

Having said all that, anyone with physical access and the right knowledge can reset a local user's password.

WordPress 4.9 “Tipton”

From WordPress.org:

Version 4.9 of WordPress, named “Tipton” in honor of jazz musician and band leader Billy Tipton, is available for download or update in your WordPress dashboard. New features in 4.9 will smooth your design workflow and keep you safe from coding errors.

I first thought: “Tipton, Glenn Tipton.”
By the way, when are they going to get to “Van Halen”?
If only I were the one in charge of naming WordPress…

Time to get your WordPress updated, again.

Apple releases iOS 11.1, watchOS 4.1, tvOS 11.1 and macOS High Sierra 10.13.1

A few days ahead of the official iPhone X launch date, Apple releases iOS 11.1, watchOS 4.1, tvOS 11.1 and macOS High Sierra 10.13.1.

These updates include a fix for the Key Reinstallation Attacks (KRACK) vulnerability.

As we reported on October 23, 2017, iOS 11.1 build 15B93 was indeed the Golden Master. In addition to that, iOS 11.1 for iPhone X carries a different build number.

Apple prepares iOS 11.1 Golden Master Candidate

Apple will start taking pre-orders for iPhone X this Friday, October 27, 2017. iPhone X will be available on November 3, 2017.

According to firstnameatappledotcom, iPhone X will ship with iOS 11.1 (or later). Apple has also seeded iOS 11.1 GM candidates (15B92 and 15B93), publicly labeled as iOS 11.1 beta 4 and beta 5, to Developers and Public Beta testers.

iOS 11.1 beta 3: Passcode is Now Required to Trust a Computer

UPDATE: This feature also shows up in iOS 11.0.3

New security feature in iOS 11.1 beta 3:

Passcode, if enabled, is now required to trust a computer.

I don’t remember seeing this message on the phone before other than the usual “Do you want to trust this computer” message.

It is a good security measure to have this on. I know a lot of people who don’t want to be bothered with entering the passcode every time they need to unlock the iPhone; they also think Touch ID is a hassle.