Critical Vulnerability in mac-OS High Sierra



A new vulnerability has been reported in the latest version of macOS High Sierra version 10.13.1. The Vulnerability allows to logon into the system without supplying the password with “root” as username. Anyone with physical access or with screen sharing to a macOS machine running version 10.13.1 can access and change personal files on the system without needing any admin credentials. The vulnerability is caused due to a logic error existed in the validation of credentials.


Patch: Apple has released a security update 2017-001 which has fixed the logical error in credential validation. The update is available through Mac App Store.

References:
https://support.apple.com/en-us/HT208315
https://www.us-cert.gov/ncas/current-activity/2017/11/29/Apple-Releases-Security-Update-macOS-High-Sierra
https://9to5mac.com/2017/11/29/macos-root-fix/