Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
Show this thread
-
Responsible disclosure is the most important part of disclosure.
Responsible disclosure is a choice, not a requirement. Heck, half the time it doesn't even work at all and makes everyone less safe by delaying action. In this case? The vuln is trivial enough and embarrassing enough (but limited; needs local access) that I'd say it's a wash.
-
-
Exactly and not to mention that many researchers have faced legal threats and prosecution.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This does not require local access. It's exploitable remotely if "Screen Sharing" is enabled. Other sharing services may also be affected (authentication bypass).
-
By that do you mean the authentication bypass on the *initial* connection to the screen or just escalation once already connected?
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.