Oct 28, 2019 vBulletin zero-day and subsequent hacks - An anonymous security researcher released a zero-day in the vBulletin forum software. The vulnerability was. Depending on which operating system and OS version you have, updating may differ. Installing & Updating on macOS. If you're running iOS 13 or later and have a Mac, you'll want to be on at least iTunes 12.9.5, which is included in the macOS Mojave 10.14.5 and 10.14.6 updates. If you have the Mac OS X installer CD handy, it's super easy to change the administrator account's password. Just insert the CD into the target Mac and hold the 'c' key as you boot up the computer.
Sep 25, 2017 Hours before Apple was supposed to launch its new macOS version — codenamed High Sierra (10.13) — Patrick Wardle, a well-known Apple security researcher, former NSA hacker, and Chief Security. In the early years of OS X, the Mac operating system was sold on a DVD. If a user forgot the administrator password, perhaps the simplest way (of several) would be to use that disc to set a new. There's a new macOS vulnerability that hackers within physical reach of your computer can use to gain root access to your system and accounts. Just by using 'root' as the username and a blank password on a privilege escalation prompt, someone can install malware on your computer, access hidden files, reset your passwords, and more. Root access gives them the ability to do anything they want.
Newsletter
Subscribe to our Threatpost Today newsletter
Join thousands of people who receive the latest breaking cybersecurity news every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.
Infosec Insider Post
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
Image credit: Apple
In the early years of OS X, the Mac operating system was sold on a DVD. If a user forgot the administrator password, perhaps the simplest way (of several) would be to use that disc to set a new administrator password and regain control of the Mac. Nowadays, there is no install disc provided with OS X, and so an alternative method is necessary.
___________________
To be clear, there are several technical ways to reset the administrator password on a Mac. Some of them are rather Unix-geeky and can make a novice user nervous. For the sake of completeness, I'll reference those methods at the end of this article. For now, we'll start with the easy ones.
Mac Os Security
I. Use Your Apple ID
When you first set up your Mac or upgraded the OS, The Setup Assistant will ask if you want to allow your Apple ID to reset the user (admin) password. If you did that, the box in System Preferences > Users & Groups was set. See below.
System Preferences > Users & Groups
Now, assuming you've forgotten your password, according to Apple...
If you incorrectly enter your account password at the login window three times, a message appears stating 'If you forgot your password, you can reset it using your Apple ID'. Click the arrow-in-a-circle icon to bring up the 'Reset Password' dialog. Enter your Apple ID and password, then click 'Reset Password' to proceed.
However, if you deselected that box, and later forgot your password, you're out of luck. One reason to deselect the box is extreme security. If, heaven forbid, Apple's system is hacked, your admin password could be compromised. On to the next technique.
II. Use Another Administrator Account
One administrator has the power to reset the password of another administrator. If you've previously set up your Mac with two administrator accounts, highly recommended, you can use the second admin account to login in and reset the password for the first administrator whose password has been forgotten. If you can't do that, on to the next technique.
Mac Os Hacks
III. Recovery Partition
If the techniques above aren't available, a very neat, simple way to reset the administrator password is to make use of the OS X Recovery Partition. This is a hidden partition on your boot drive introduced with OS X 10.7 Lion, so the technique I'll describe works with OS X 10.7 Lion, 10.8 Mountain Lion, OS X 10.9 Mavericks and OS X 10.10 Yosemite.
(The older method, mentioned in the introduction above, uses the install disc for OS X 10.6 Snow Leopard and previous. It's discussed in this Apple support article # PH6317. It's no longer being updated by Apple, but if you're still using Snow Leopard or older, it still works.)
As a reminder, the person who first installed OS X on a Mac (or set it up out of the box) is the administrator. In this scenario, it's assumed that the administrator is you, and you know your account name but forgot the password.
Procedure
1. Restart the Mac.
If it's locked up,see:'Frozen: How to Force the Restart of a Mac.'
2. Right after you hear the chime, press and hold the Command and the R keys for a few seconds, then release. Soon, you'll see the Apple logo and spinning gear (or progress bar in Yosemite).
This will force the Mac to boot into OS X on the Recovery Partition that was created when you installed OS X 10.7 or later.
3. When booting is complete, you'll see a window of 'OS X Utilities.' You won't do anything there. Instead, you'll go to the Menu bar at the top and select Utilities > Terminal.
What you see after booting into Recovery Partition.
Don't worry. You won't have to do anything exotic on the Unix command line.
4. In the terminal window type the following and hit Return.
5. A new window will open, like this:
What you'll see after you enter 'resetpassword'
Click on the 1) volume of interest, 2) select the desired user account name in the popup. Then enter the new password (twice). A password hint is optional. Click 'Save.'
6. Go back to the Apple Menu at the top. Select OS X Utilities > Quit OS X Utilities. That will prompt you to restart the Mac.
If all went well, when the Mac restarts normally, you'll be able to log in to the administrator account with the new password you defined in step #5 above. From there you can manage the rest of of the users if necessary with System Preferences > Users & Groups.
IV. Keychain Reset
The OS X Keychain is where all your passwords are kept securely. If you forget your password, you no longer have access to that Keychain. As a result, when you log back in, you'll be asked to reset your Keychain. A new one will be created and unlocked with your new password. Because of that, you'll find yourself re-entering all the passwords that were stored in your old, now inaccessible Keychain. See Apple support article # PH18681.
V. Apple Support Articles
VI. References
For the more experienced user who may want to explore and learn, there is much more material available on resetting OS X passwords. Some of these other techniques are not as simple and should be practiced on a non-mission critical Mac, being mindful of their context and applicability.
Finally, if you run into a problem and can't navigate your way out, one thing to try is to contact an Apple retail store nearby. Make an appointment with an Apple Genius, and you'll get the help you need.
Note: Before your take your Mac into an Apple store for any repair or procedure, make sure you've made a Time Machine backup.
Alternatively, you can check the Apple Consultants Network.