有人在 11 月 13 号就发现了 macOS 的 root 用户漏洞……

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

已注册用户请登录

这是一个创建于 2378 天前的主题，其中的信息可能已经有所发展或是发生改变。

https://forums.developer.apple.com/thread/79235
https://i.imgur.com/S635XNs.png

chethan177 Nov 13, 2017 12:48 PM (in response to Taylor E)

Note: This solution might be specific to High Sierra

Try this:

Solution 1:

On startup, click on "Other"

Enter username: root and leave the password empty. Press enter. (Try twice)

If you're able to log in (hurray, you're the admin now), then head over to System Preferences>Users & Groups and create a new Admin account.

Now restart and login to the new Admin Account (you may need a new Apple Id). Once you're logged into this new Admin Id, you can again proceed to your System Preferences>Users & Groups. Open the Lock Icon with your new Admin ID/Password. Assign "Allow user to administer this computer" to your original Apple ID. Restart.

Now login with your original Apple Id. (In case you wish to remove the "Other" login option on startup read this: https://support.apple.com/en-in/HT204012

Solution 2:

If you're unable to login at startup using username: root and empty password, then login with your existing account (standard user).

Again, head over to System Preferences>Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might >throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon. If it does, try Solution 1 next.

P.S. Solution 2 worked for me. No idea how or why. Hope this helps.

TL;DR: 有人大概两周前在苹果支持论坛帮别人解决一个问题的时候就用了这个漏洞。这个帖子楼主升级 High Sierra 后所有管理员账户都变成普通账户了。因为没有管理员账户，自然也没法把任何账户提升成管理员。所以一个叫 chethan177 的用户就列出了这个漏洞的步骤好让楼主登陆到默认管理员账户。

所以真不能怪今天在 Twitter 上公布这个漏洞的人……这早就不是 0day 了……

password

this

username

6 条回复 • 2017-11-29 15:48:39 +08:00