Erez Kalman

Ooops I Mac’ed it again…

/in /by

Apple Root Bypass

Apple, like other companies, has had its fair share of security vulnerabilities.

Granted – there is no such thing as 100% security and Apple, in my opinion, is one company that usually takes software security engineering very seriously.

 

But then again there are vulnerabilities like this one from December 2009 (iOS devices have default root account: alpine) and the latest and greatest, released within the last 12 hours of this post, allowing trivial access to the root account on Mac (confirmed on High Sierra) by simply entering the user root in the user field and repeatedly pressing the Enter key on the keyboard.

The fix seems to set the root account password (may require enabling the account first).

 

Now, let’s try to figure out what happened – The most likely reason is one of the below:

  1. The passwords are stored in a reversible fashion (rather than nonreversible such as PBKDF2, Bcrypt, etc..) – The worst possibility, I doubt this is the case
  2. The password authentication routine has a serious bug – How could their QA / code review teams miss this?

 

The world continues to evolve and hopefully, companies will understand that security isn’t just the appearance of security which in this writers opinion Apple usually does take very seriously.