{"id":73054,"date":"2017-12-04T10:07:48","date_gmt":"2017-12-04T18:07:48","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=73054"},"modified":"2019-06-15T03:01:47","modified_gmt":"2019-06-15T10:01:47","slug":"i-am-root-a-retrospective-on-a-severe-mac-vulnerability","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/","title":{"rendered":"&#8220;I Am Root&#8221;: a retrospective on a severe Mac vulnerability"},"content":{"rendered":"<p style=\"text-align: center;\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-73057\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/i-am-root-logo.jpg\" alt=\"\" width=\"400\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/i-am-root-logo.jpg 400w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/i-am-root-logo-150x113.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/i-am-root-logo-300x225.jpg 300w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/>Image credit: <a href=\"https:\/\/dribbble.com\/shots\/3441716-I-Am-Groot\" target=\"_blank\" rel=\"noopener\">Johnathon Burns<\/a> modified by <a href=\"https:\/\/twitter.com\/Nainterceptor\/status\/935816285811826688\" target=\"_blank\" rel=\"noopener\">Ga\u00ebl\u200f<\/a><\/p>\n<p>On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could allow an attacker to enable the &#8220;root&#8221; administrator account on a victim&#8217;s Mac.<\/p>\n<p>The bug is being called &#8220;<a href=\"https:\/\/twitter.com\/hashtag\/iamroot\" target=\"_blank\" rel=\"noopener\">#IAmRoot<\/a>&#8221; and &#8220;<a href=\"https:\/\/twitter.com\/hashtag\/rootgate\" target=\"_blank\" rel=\"noopener\">#rootgate<\/a>&#8221; in various online discussions.<\/p>\n<p>We first wrote about the 
vulnerability here:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"xdQd6DNpD1\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/major-authentication-security-flaw-reported-in-macos-high-sierra\/\">Major Authentication Security Flaw Reported in macOS High Sierra [Update]<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" src=\"https:\/\/www.intego.com\/mac-security-blog\/major-authentication-security-flaw-reported-in-macos-high-sierra\/embed\/#?secret=xdQd6DNpD1\" data-secret=\"xdQd6DNpD1\" width=\"500\" height=\"282\" title=\"&#8220;Major Authentication Security Flaw Reported in macOS High Sierra [Update]&#8221; &#8212; The Mac Security Blog\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Apple has since <a href=\"https:\/\/support.apple.com\/kb\/DL1942\" target=\"_blank\" rel=\"noopener\">patched<\/a> the bug, but the severity and nature of the vulnerability are so noteworthy as to warrant a much deeper dive into what happened.<\/p>\n<p>Grab some popcorn and read on for a story that may entertain and amaze you.<\/p>\n<h3>What Is the &#8220;I Am Root&#8221; Vulnerability?<\/h3>\n<p>In unpatched versions of macOS High Sierra 10.13 or 10.13.1, an attacker could invoke a system authentication dialog box, type &#8220;root&#8221; (the name of a powerful UNIX administrator account that&#8217;s disabled by default in macOS), and either enter no password or a password of their choosing, and macOS would enable the root account with the attacker&#8217;s chosen password.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-73063\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-attack.gif\" alt=\"\" width=\"600\" height=\"435\" \/>The &#8220;I am root&#8221; attack in action. 
Image credit: <a href=\"https:\/\/objective-see.com\/blog\/blog_0x24.html\" target=\"_blank\" rel=\"noopener\">Patrick Wardle<\/a><\/p>\n<p>Thus, if you were to leave your Mac unattended for less than a minute, someone could simply walk up to your Mac and make their own personal superuser account without your permission or knowledge.<\/p>\n<p>(As an aside, all it would take is a couple more clicks and the attacker could also enable Remote Login, File Sharing, Screen Sharing, and other features so they can continue to control and exploit your Mac after they walk away. Be sure to read <a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-lock-your-mac-screen-and-protect-it-from-prying-eyes\/\" target=\"_blank\" rel=\"noopener\">How to Lock Your Mac Screen and Protect It from Prying Eyes<\/a> for a few basic tips on physical security.)<\/p>\n<p>Under normal circumstances, it would be nearly impossible to create your own administrator account on someone else&#8217;s Mac without having to first authenticate using an existing administrator account or password. This bug changes that in a big way.<\/p>\n<h3>Remote Exploitation<\/h3>\n<p>So, you might be thinking, the answer is to never leave your Mac unattended, right? Although it&#8217;s probably a good idea to keep your Mac in sight for other reasons, unfortunately,\u00a0depending on your system&#8217;s settings, basic\u00a0physical security may not be enough to stop an attacker.<\/p>\n<p>If you had the Screen Sharing feature enabled, then an attacker could even enable the root account <em>without physical access to your Mac<\/em>, as demonstrated in this video by Patrick Wardle:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">If certain sharing services enabled on target &#8211; this attack appears to work ? remote ??\u2620\ufe0f (the login attempt enables\/creates the root account with blank pw) Oh Apple ???? 
<a href=\"https:\/\/t.co\/lbhzWZLk4v\">pic.twitter.com\/lbhzWZLk4v<\/a><\/p>\n<p>\u2014 patrick wardle (@patrickwardle) <a href=\"https:\/\/twitter.com\/patrickwardle\/status\/935639234437935105?ref_src=twsrc%5Etfw\">November 28, 2017<\/a><\/p><\/blockquote>\n<p>Yes,\u00a0if your Mac had Screen Sharing enabled, then the vulnerability could be exploited by anyone else on your local network. So, for example, your roommate, coworker, or even some miscreant at a public place where you happened to be using Wi-Fi, could\u00a0have\u00a0sat in front of their own Mac laptop and enabled the root account on your computer without your knowledge or permission.<\/p>\n<p>The attacker could then log into your computer as root via Screen Sharing, which would then enable them to turn on Remote Login and File Sharing, as noted above.<\/p>\n<h3>How Did This Vulnerability Become Known?<\/h3>\n<p>The earliest known disclosure of the vulnerability was a <a href=\"https:\/\/web.archive.org\/web\/20171130184413\/https:\/\/forums.developer.apple.com\/thread\/79235\">post<\/a> to the Apple developer forums on November 13, in which a developer shared this as a possible way to enable the root account that had worked for him.<\/p>\n<p>The developer said that he had read about\u00a0this method of enabling root elsewhere on the forums, but when asked to find the original post he wasn&#8217;t able to locate it. 
He was also apologetic, stating\u00a0that\u00a0he\u00a0hadn&#8217;t realized that\u00a0what he described\u00a0was a major security flaw.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-73066\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-first-known-public-description.png\" alt=\"\" width=\"960\" height=\"428\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-first-known-public-description.png 960w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-first-known-public-description-150x67.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-first-known-public-description-300x134.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-first-known-public-description-768x342.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-first-known-public-description-657x293.png 657w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/><\/p>\n<p style=\"text-align: center;\">The first\u00a0known\u00a0disclosure of the &#8220;I am root&#8221; bug. 
Image: Apple via <a href=\"https:\/\/web.archive.org\/web\/20171130184413\/https:\/\/forums.developer.apple.com\/thread\/79235\" target=\"_blank\" rel=\"noopener\">Internet Archive<\/a><\/p>\n<p>A week later, on November 20, a Twitter user shared a video demonstrating the bug and tagged Apple in the tweet, but Apple did not respond or take action.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"und\"><a href=\"https:\/\/twitter.com\/hashtag\/Meta?src=hash&amp;ref_src=twsrc%5Etfw\">#Meta<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ThisIsNotOkay?src=hash&amp;ref_src=twsrc%5Etfw\">#ThisIsNotOkay<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/SecurityThruObscurity?src=hash&amp;ref_src=twsrc%5Etfw\">#SecurityThruObscurity<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/RightToRepair?src=hash&amp;ref_src=twsrc%5Etfw\">#RightToRepair<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/FollowTheMoney?src=hash&amp;ref_src=twsrc%5Etfw\">#FollowTheMoney<\/a> <a href=\"https:\/\/twitter.com\/Apple?ref_src=twsrc%5Etfw\">@Apple<\/a> <a href=\"https:\/\/t.co\/MEUSxGoCX2\">https:\/\/t.co\/MEUSxGoCX2<\/a> <a href=\"https:\/\/twitter.com\/GIPHY?ref_src=twsrc%5Etfw\">@GIPHY<\/a> @* <a href=\"https:\/\/t.co\/QZkcJKNty5\">pic.twitter.com\/QZkcJKNty5<\/a><\/p>\n<p>\u2014 @jeremydmiller78 (@jeremydmiller78) <a href=\"https:\/\/twitter.com\/jeremydmiller78\/status\/932687502053380097?ref_src=twsrc%5Etfw\">November 20, 2017<\/a><\/p><\/blockquote>\n<p>Eight days after that, on November 28, a developer from Turkey posted about it publicly with a much clearer description, and tagged both Apple and Apple Support. This tweet went viral.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Dear <a href=\"https:\/\/twitter.com\/AppleSupport?ref_src=twsrc%5Etfw\">@AppleSupport<\/a>, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as &#8220;root&#8221; with empty password after clicking on login button several times. 
Are you aware of it <a href=\"https:\/\/twitter.com\/Apple?ref_src=twsrc%5Etfw\">@Apple<\/a>?<\/p>\n<p>\u2014 Lemi Orhan Ergin (@lemiorhan) <a href=\"https:\/\/twitter.com\/lemiorhan\/status\/935578694541770752?ref_src=twsrc%5Etfw\">November 28, 2017<\/a><\/p><\/blockquote>\n<p>It is generally considered to be a poor practice to publicly disclose the full details of a vulnerability, including the exact steps required to exploit it, without first privately disclosing the bug to the developer and giving the developer a reasonable amount of time to investigate and fix the issue. This type of full public disclosure leaves all users of a platform vulnerable to a widely known zero-day attack until the developer can release a patch.<\/p>\n<h3>Did Apple Create the Vulnerability?<\/h3>\n<p>The &#8220;I am root&#8221; vulnerability itself seems to have been the result of a programming logic error introduced in macOS High Sierra by Apple&#8217;s development team. For\u00a0those who may be interested in the full technical details, you can read <a href=\"https:\/\/objective-see.com\/blog\/blog_0x24.html\" target=\"_blank\" rel=\"noopener\">this write-up<\/a> by Mac security researcher Patrick Wardle.<\/p>\n<p>But how could Apple have released macOS High Sierra without being aware of such a tremendously serious vulnerability? Has anything like this ever slipped past Apple&#8217;s quality control engineers before?<\/p>\n<h3>Previous Major Flaws in macOS<\/h3>\n<p>The nature of the &#8220;I am root&#8221; bug is reminiscent of the &#8220;goto fail&#8221; vulnerability.<\/p>\n<p>In 2013, early versions of OS X Mavericks 10.9 as well as iOS 6.1 and 7.0 were found to have a very simple programming glitch, specifically the inclusion of a single duplicated line of code, that created a gaping security hole in the operating systems. 
That one erroneous line of code made it easy for a &#8220;man in the middle&#8221; attacker to maliciously intercept or alter Mac or iOS users&#8217; HTTPS encrypted traffic. (Search for &#8220;goto fail&#8221; in <a href=\"https:\/\/www.intego.com\/mac-security-blog\/the-evolution-of-ios-security-and-privacy-features\/\" target=\"_blank\" rel=\"noopener\">this article<\/a> to learn more.)<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-51103\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/02\/gotofail.png\" alt=\"\" width=\"591\" height=\"81\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/02\/gotofail.png 591w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/02\/gotofail-150x21.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/02\/gotofail-300x41.png 300w\" sizes=\"(max-width: 591px) 100vw, 591px\" \/><\/p>\n<p style=\"text-align: center;\">&#8220;goto fail;&#8221;: One duplicated line of code caused a severe security glitch in 2013.<\/p>\n<p>The timing of &#8220;goto fail&#8221; couldn&#8217;t have been worse for Apple, as the bug was revealed shortly after Edward Snowden had turned the spotlight on the National Security Agency&#8217;s alleged mass surveillance of U.S. citizens. Given that Snowden was fresh in people&#8217;s minds, some conspiracy theorists\u00a0hypothesized\u00a0that perhaps\u00a0Apple&#8217;s &#8220;goto fail&#8221; bug might have been evidence of collusion with the U.S. 
government\u00a0(notably, there was never any evidence to support\u00a0this\u00a0conspiracy theory).<\/p>\n<p>Like &#8220;goto fail,&#8221; the &#8220;I am root&#8221; bug seems to have been caused by a fairly simple programming error\u00a0made by Apple engineers that wasn&#8217;t\u00a0noticed until after\u00a0the\u00a0operating system\u00a0was released.<\/p>\n<h3>Apple&#8217;s Apology<\/h3>\n<p>After releasing the patch, Apple gave the following <a href=\"http:\/\/fortune.com\/2017\/11\/29\/apple-apologizes-patching-security-hole-that-lets-anyone-log-on-to-any-mac-our-customers-deserve-better\/\" target=\"_blank\" rel=\"noopener\">statement<\/a> to news outlets on Wednesday, November 29, apologizing for the vulnerability:<\/p>\n<blockquote><p>Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.<\/p>\n<p>When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.<\/p>\n<p>We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.<\/p><\/blockquote>\n<h3>Conclusion (Let&#8217;s Hope)<\/h3>\n<p>Apple deserves credit for being so quick to release a patch for the vulnerability after knowledge of the bug went viral.<\/p>\n<p>It&#8217;s also great that Apple chose to apply the patch automatically to affected systems. 
(If you&#8217;re not sure whether your systems have been patched, scroll to the bottom of our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/major-authentication-security-flaw-reported-in-macos-high-sierra\/\" target=\"_blank\" rel=\"noopener\">initial article about the vulnerability<\/a>\u00a0to find out how to check.)<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-73060\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-update-available.jpg\" alt=\"\" width=\"678\" height=\"122\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-update-available.jpg 678w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-update-available-150x27.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-update-available-300x54.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/iamroot-update-available-657x118.jpg 657w\" sizes=\"(max-width: 678px) 100vw, 678px\" \/><\/p>\n<p style=\"text-align: center;\">Apple\u00a0began installing the security update automatically on November 29.<\/p>\n<p>Although it&#8217;s pleasing to hear that Apple is &#8220;auditing [its] development processes,&#8221; one has to wonder why this higher level of scrutiny wasn&#8217;t already in place four years ago after &#8220;goto fail&#8221; became known to the public.<\/p>\n<p>Between this and the Keychain password exfiltration-enabling bug discovered in <a href=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-september-2017\/\" target=\"_blank\" rel=\"noopener\">September<\/a>, Apple has been having a bit of a rocky start with High Sierra.<\/p>\n<p>Let&#8217;s hope that Apple keeps its promise and dedicates more resources to keeping major, preventable security flaws from making their way into its operating 
systems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image credit: Johnathon Burns modified by Ga\u00ebl\u200f On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could allow an attacker to enable the &#8220;root&#8221; administrator account on a victim&#8217;s Mac. The bug is being called &#8220;#IAmRoot&#8221; and &#8220;#rootgate&#8221; in various online discussions. We first wrote about the [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":73291,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,151,5],"tags":[3793,3802,3805,143],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Image credit: Johnathon Burns modified by Ga\u00ebl\u200f On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&quot;I Am Root&quot;: a retrospective on a severe Mac vulnerability - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Image credit: Johnathon Burns modified by Ga\u00ebl\u200f On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"The 
Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2017-12-04T18:07:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-15T10:01:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep 
Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg\",\"width\":400,\"height\":260,\"caption\":\"Root Mac Vulnerability\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/\",\"name\":\"\\\"I Am Root\\\": a retrospective on a severe Mac vulnerability - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#primaryimage\"},\"datePublished\":\"2017-12-04T18:07:48+00:00\",\"dateModified\":\"2019-06-15T10:01:47+00:00\",\"description\":\"Image credit: Johnathon Burns modified by Ga\\u00ebl\\u200f On November 28, the world became aware of a major security vulnerability in macOS High Sierra that 
could\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8220;I Am Root&#8221;: a retrospective on a severe Mac vulnerability\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"&#8220;I Am Root&#8221;: a retrospective on a severe Mac 
vulnerability\",\"datePublished\":\"2017-12-04T18:07:48+00:00\",\"dateModified\":\"2019-06-15T10:01:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#webpage\"},\"wordCount\":1436,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg\",\"keywords\":[\"Authentication\",\"IAmRoot\",\"Rootgate\",\"Vulnerabilities\"],\"articleSection\":[\"Apple\",\"Recommended\",\"Security News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. 
Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Image credit: Johnathon Burns modified by Ga\u00ebl\u200f On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"\"I Am Root\": a retrospective on a severe Mac vulnerability - The Mac Security Blog","og_description":"Image credit: Johnathon Burns modified by Ga\u00ebl\u200f On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could","og_url":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/","og_site_name":"The Mac Security 
Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2017-12-04T18:07:48+00:00","article_modified_time":"2019-06-15T10:01:47+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg","width":400,"height":260,"caption":"Root Mac Vulnerability"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/","name":"\"I Am Root\": a retrospective on a severe Mac vulnerability - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#primaryimage"},"datePublished":"2017-12-04T18:07:48+00:00","dateModified":"2019-06-15T10:01:47+00:00","description":"Image credit: Johnathon Burns modified by Ga\u00ebl\u200f On November 28, the world became aware of a major security vulnerability in macOS High Sierra that could","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"&#8220;I Am Root&#8221;: a 
retrospective on a severe Mac vulnerability"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"&#8220;I Am Root&#8221;: a retrospective on a severe Mac vulnerability","datePublished":"2017-12-04T18:07:48+00:00","dateModified":"2019-06-15T10:01:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#webpage"},"wordCount":1436,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg","keywords":["Authentication","IAmRoot","Rootgate","Vulnerabilities"],"articleSection":["Apple","Recommended","Security News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/i-am-root-a-retrospective-on-a-severe-mac-vulnerability\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s 
Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/12\/root-mac-vulnerability.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-j0i","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/73054"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=73054"}],"version-history":[{"count":7,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/73054\/revisions"}],"predecessor-version":[{"id":88255,"href":"https:\/\
/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/73054\/revisions\/88255"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/73291"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=73054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=73054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=73054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}