OS X: Anyone can log in as "root" with an empty password

>the absolute state of Apple

twitter.com/lemiorhan/status/935578694541770752

Who cares lol

Apple will fix this quickly with a patch and macOS will remain the best desktop OS

>who cares
If you don't then you should just stop using computers

>0 day exploit
>posted to twitter

somebody hates apple

Good. High Sierra is riddled with so many bugs both annoying and security that hopefully giving them this much negative publicity wakes them up and gets them to straighten their shit in time for the next OS X milestone

This sort of exploit needs physical access to the Mac.
With any computer, once the bad guy has physical access it's no longer your computer.
A USB drive, live CD, all sorts of CLI hacks - take your choice.
No OS is immune.

Additional:
Forgot to mention that you need to be logged in as well.
Does anyone know if this can be done from the guest account?

Apparently it works from even just the login screen and even over remote desktop. What it's doing is enabling the root user which normally has no password and is disabled. The only workaround seems to be to enable the root user and change its password.

see:

>Apple
>fixing shit
choose one

apple defense force too scared to touch this one, huh?

The silence is outstanding, I can almost read other threads than "perfection" "you need more"

How will mactoddlers ever recover?

Doesn't matter. You can just boot in single user mode, then you have root anyway.

If the attacker has physical access to the machine and it's not encrypted, you're fucked.

eh, what silence. It's a big deal, most of Sup Forums is poorfags without a mac so that's why they don't care.

Don't macs come with ssh preinstalled? Couldn't you just remotely log into any mac and install malware just with their IP?

Admit it, you'd give up security if you could afford a Mac.

No, this seems to require the GUI.

Kek

>notch disaster
>iOS 11 plagued with bugs
>failed faceID during presentation
>login as root without a password
is this the beginning of the end for apple?

No. The only way to enable the root user is through the GUI, when you have physical access to the machine. If the root user got enabled by an attempt to log in as root (the actual bug) then the root user becomes available. SSH comes preinstalled, but you'd have to enable it manually on the machine too.

Does this not work (as a regular, intended, non-hack way to do the same thing):

>1. log into single-user mode
>2. create a new admin user with new password
>3. log in with new admin account
>4. enable root user and set password

Too lazy to try, but I don't see why not. Accomplishes the same thing as this exploit, just with a little bit more work (actually, it's a worse 'hole' since it doesn't require an already logged-in user)

FaceID during the presentation was working as intended. They were stupid to show off the phone being used on stage prior in private to some media groups. Because the phone recognized several faces, but didn't recognize the correct face to authenticate, it locked the phone to require a passcode. TouchID does exactly the same, after several incorrect attempts, it locks itself out to prevent being able to test endlessly and force brute entries.

>faceID was working as intended
>didn't unlock the phone
so it's supposed to not work?

Why do people like to pretend Apple products are only for the rich?

Macs all have encrypted drives by default and single user mode won't let you change anything on the boot drive until you decrypt and mount it.

Reposting but who gives a shit:
This exploit only works on 10.13.1 and the beta release. I've tested on 10.12 and Elcap and it doesn't work. That said, it only works on 10.13 if you don't have an admin account.

Did you read? It didn't work because a number of faces prior tried to unlock it. 7 failed attempts = have to enter passcode to prevent bruteforce. The only mistake was to use the stage phone prior to show it off to people.

>t. mactoddler

t. linux soyboy
lmao loser faggot

kek

>mactoddler calling someone else a soyboy
lmao

>lol loser faggot
>posted on my mac

>implying I use crapple hardware
haha stay mad

>fagOS
lmao

>t. buttblasted soygoy cannot withstand rectal pain from xir beloved company's anal probe

>1h 52m
facebook machine

>timesinkOS/wangblows
lmaooo
Sometimes I leave it on for days, it works as an SFTP home server as well. Literally 1 click on the settings menu and it's done, I can access all my files from my Android phone.