OSX security lole

Attached: screenshot 362.png (2560x1080, 2.08M)

>(under single user mode)
>(under single user mode)
>(under single user mode)
>(under recovery)

This is literally no different from any other OS, be it Windows, Linux distros, or even FreeBSD. No desktop OS attempts to prevent reset using local-access. People are dumb and will forget passwords, we have this for a reason.

ITODDLERS BTFO

Attached: images.jpg (253x199, 9K)

method 1 (requires old password):

(under single user mode)

mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
passwd username
reboot

or

method 2 (doesn't work, the plist file doesn't exist under this directory anymore):

(under single user mode)

mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
passwd username
reboot

or

method 3 (works, prompts a mac setup screen on the next boot, old user's password can be reset under system preferences afterwards):

(under single user mode)

mount -uw /
rm /var/db/.AppleSetupDone
reboot

or

method 4 (probably works lol):

(under recovery)
Type “resetpassword” in the Terminal window and hit enter.


single user mode (parallels desktop boot flags)
devices.mac.boot_args="-s"

if anyone wants to try it out

Yeah I know you can just boot into safe mode on windows or change the sticky keys executable for cmd and get to it without even getting through the login screen. I just find it dumb whenever someone says OSX is safe lol.
I feel like, even if it's a desktop system companies like Apple and microsoft shouldn't let this even be possible. I mean like, today we have biometry and 2FA so there's no excuse like "oh but users are dumb and forget their keys".

>I feel like, even if it's a desktop system companies like Apple and microsoft shouldn't let this even be possible. I mean like, today we have biometry and 2FA so there's no excuse like "oh but users are dumb and forget their keys".
Once again, dumb normies ruin everything.

that's why people encrypt their data and set firmware passwords, user. so if the computer was powered down you can't do any of that.

Yeah but your average user doesn't know/use encryption sooo....

Attached: image0.jpg (620x602, 52K)

doesn't OSX use encryption by default?

I believe macs with APFS formatted drives are encrypted by default however, this was an APFS volume and when I reset the old user's password and then logged into it with the new pass, all files were accessible. Maybe, as I've heard, the T2 chip allows macs to use touchID to encrypt the drives during login. But, I'm not sure if that's even relevant you see, what if OSX doesn't prompt you to use touchID and also lets you login using a regular password? this completely defeats the purpose of the fingerprint sensor.
Since I don't have a real mac with touchID I can't test this, but it's not like I'd ever buy trash. I'll stick to my hackintosh.

Attached: 5fcc02528df0814426411031aaea0672a2307f8463c451d57ea47013a99fa828.jpg (1080x1080, 191K)

so basically apple is justifying higher price tags on new macs with useless security features?

based

>jumps 300 hoops with physical/admin access and know old password
>security hole
jesus christ how pathetic

TouchID doesn't encrypt. Mac users (with actual Mac hardware) are prompted when they start up their computer for the first time to set up FileVault 2. On top of that Macs with the T2 chip have hardware based encryption on top of that. TouchID only works after you've already logged in once after booting up, and if you've lastly used your Mac within the last 24 hours. It doesn't unencrypt using TouchID. Unlocking a drive, on a software level occurs when logging in from the machine being turned off.

You're not prompted to give a username and password on OSX when you boot into single user mode or recovery.

Attached: screenshot 363.png (1552x1050, 372K)

>"root device is mounted read only"

I know how to read user!
Anyways, the only purpose of that screenshot was to show that you can do it without knowing the old admin's password as mentioned.

I'm pretty sure that no password is prompted by design if you enter recovery or single user mode. You can wipe the drive in recovery if needed, as well as disable/enable system integrity protection. The idea behind recovery is that it has full access over the hardware (can't read encrypted containers though) so that you can set it back up correctly if necessary. You need root access to reinstall macOS. It's not a vulnerability since you cannot change anything on the drive itself if you do not have the password.

Most people don't need to encrypt anything. It's there for those who have security controls requiring encryption.

it's not a security loophole, it's that way by design
if you want actual security, encrypt your drive using filevault

It still allows someone who stole your machine to gain access to your files as long as they know how to use recovery. So it's a vulnerability no matter the operating system. And the "just use encryption bro" argument is kinda meh, I mean, is it easy to setup? yeah sure, but we have to think about the dumb/lazy users user! I mean, why the fuck would companies like microsoft/apple/canonical/red hat etc.. design systems to behave like this? why can't they just use 2FA (regular password + fingerprint) and prevent password resets unless the owner of the machine confirms the action through windows hello/touchID whatever?

users are prompted to turn on FileVault when creating a user account/installing the OS, so yes, it is easy to set up

Also, I'm pretty sure every single OS is this way by default
Works on all GNU/Linux or BSD OSes I've ever tried

>mv osk.exe osk.exe.bk
>cp cmd.exe osk.exe
>reboot
>click onscreen keyboard button
>type in net user user new_pass
>enter the new username on the login screen
>log in
micropajeets btfo

I got kicked out of the apple store but i have the employee information on my thumbdrive, will upload to mega after I get back

>OSX anything

Attached: drop_down_menu_0.gif (600x338, 2.18M)

Well, I've never been prompted to setup filevault when installing OSX or creating a user account.
But I still want to know how touchID works on real hardware because didn't really explain it properly.
What happens when you boot up the system and get to the login screen? does it allow you to login only by using the fingerprint sensor or can you just type the password down as well? what happens when you reset a user's password? does it still ask for touchID confirmation upon the next login with the new password? does it reset touchID as well?
yeah I already mentioned that you can do that
lmao

applel

is there even a way on linux to prevent someone from changing user's password or even booting into recovery at all with another password?

Attached: 1542354153201.jpg (1024x1004, 60K)

Not a vulnerability, it's by design, that's why if you really care about the security of your system, you encrypt the boot drive so that you have to enter the decryption password before you can locally access the drive the OS sits on. LUKS encryption with Linux, Veracrypt with Windows, FileVault on MacOS etc.

Do these work in 10.4?

Only a problem if the home directory isn't encrypted. There are bootable flash drives and CDs that automatically remove every password on a Windows installation, a user account password is nothing without proper encryption of user data.

When you boot up the machine, you have to put in the password. TouchID can only be used when waking from sleep. It works very similar to how it is on an iPhone.

based satania poster

technically there is a way to keep them from booting into recovery by deleting it but if someone has physical access to your computer they are pretty much guaranteed to get in.

Attached: apple-solid-security.webm (964x720, 1.42M)

You have to set up encryption yourself, like in most OSs, it is not on by default.

Attached: file.png (1218x402, 103K)

encrypt disk, just like in macos
this

lmao

yikes

Attached: D23F368B-408E-44E4-A61E-E5E3521D5D96.png (960x639, 284K)

please tell me this is fake

Attached: image (1).png (376x376, 13K)

WTF is wrong with "PoC"?

Even with my hard drive encrypted, I set a firmware password so that my MacBook is utterly useless to anyone who decides to steal it. Can’t wipe the drive and can’t boot off an external disk.
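
Added example, not part of any post in this thread: a posture check for the two defences the replies keep naming, FileVault and a firmware password. It assumes an Intel Mac where `fdesetup status` and `firmwarepasswd -check` are available (the latter needs root); the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Intel-era macOS assumed:
#   fdesetup status        reports FileVault state
#   firmwarepasswd -check  reports firmware password state (needs root)

# Map `fdesetup status` output to on / off / unknown.
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Map `firmwarepasswd -check` output to on / off / unknown.
firmware_state() {
    case "$1" in
        *"Password Enabled: Yes"*) echo on ;;
        *"Password Enabled: No"*)  echo off ;;
        *)                         echo unknown ;;
    esac
}

# Combine both states into one finding line.
assess() {
    case "$1/$2" in
        on/on)   echo "OK: disk encrypted, alternate boot modes need the firmware password" ;;
        on/off)  echo "PARTIAL: disk encrypted, but single user mode and recovery still boot" ;;
        off/on)  echo "PARTIAL: alternate boot modes locked, but data is not encrypted at rest" ;;
        off/off) echo "EXPOSED: a local password reset gives access to unencrypted files" ;;
        *)       echo "UNKNOWN: could not read one of the two states (run as root?)" ;;
    esac
}

# Run the real check only where the macOS tools exist.
if command -v fdesetup >/dev/null 2>&1; then
    fv=$(filevault_state "$(fdesetup status 2>/dev/null)")
    fw=$(firmware_state "$(firmwarepasswd -check 2>/dev/null)")
    assess "$fv" "$fw"
fi
```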

It was real but they released a patch for it the same day it was discovered.

Also, it was a GUI error in Disk Utility only, the text field for password was incorrectly assigned to the hint. If your APFS volume/container was made through terminal commands or when you initially set up your computer, you didn't have this issue.

>It still allows someone who stole your machine to gain access to your files as long as you didn't encrypt your drive.
I don't even like Apple, but man, you are stupid.

Why would you call somebody a piece of crap?

Someone user doesn't like used to word so it's now forbidden. user is a hypocrite who doesn't realize that he's acting just like your average sjw by mocking words other people use.

Typical fuckup for unix and unix-like OS.

Attached: banner-014.png (650x300, 44K)