
Security issue MacOS High Sierra

A researcher found a bug in MacOS High Sierra that gives attackers full "root" access to your system.

The root account is normally disabled and has no password. Under certain conditions an attacker can still access the system through the disabled root account without a password (!). There is no solution available yet, but there is a workaround:

  1. Open the Directory Utility;
  2. click the lock icon and authenticate;
  3. go to the Edit menu;
  4. select "Change root password" and set a strong password.

Do not disable the root user. That makes the bug work again. Just set a strong password and wait for the fix. 

The bug is verified to work on MacOS High Sierra 10.13.1.

Update 9:45: The bug is also present in versions 10.31.0 and 10.31.2 beta.

Update 11:05: The bug can also be used remotely, when access is granted through Screen Sharing (VNC) or Remote Management.

Update 19:05: Apple has supplied a patch. LISA advises everybody with a vulnerable MacOS system to install the update.