Apple releases fix for macOS High Sierra privilege escalation flaw

Yesterday on Twitter, developer Lemi Orhan Ergin informed Apple of a major vulnerability in macOS 10.13, also known as High Sierra. Ergin found that on systems in their default configurations, one could simply type "root" as a username in certain privilege-escalation dialogs, leave the password field blank, and then click "Unlock" repeatedly to gain superuser access. Today, Apple has rushed out a patch for the issue.

The basis for the flaw seems to have been that by default in High Sierra the "root" account is disabled and has no password set. Attempting to log in as root enabled that account with an empty password, and root has superuser permissions: full administrative access, for anyone unfamiliar with UNIX-land terminology. The exploit effectively meant that most Macs running High Sierra were wide open to anyone with physical access to the machine. Other researchers later found that the exploit also worked over remote connections if Remote Management (Apple Remote Desktop), Screen Sharing, or VNC was enabled.

Because of how the exploit worked, people who had already enabled the root account and set a password for it were immune to the flaw. That approach was offered as a workaround yesterday, and it is not a bad idea in any case as a guard against similar issues. Now that the patch is out, however, this particular security hole should be closed. Anyone running High Sierra should head over to the Mac App Store, check for updates, and install the fix to plug the vulnerability.
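As an added example (not code from the article or from Apple), the following shell script audits the state the article describes: it reads the macOS version and the root account's directory record, flags a High Sierra host whose root account is still disabled, and applies the workaround of giving root a real password when asked. `dscl`, `sw_vers` and `dsenableroot` are the real macOS tools; macOS marks a disabled account with `;DisabledUser;` in its `AuthenticationAuthority` attribute, which is what the check keys on. The fallback values used when those tools are absent are constructed samples so the script also runs on a non-Mac. It is an audit aid, not a substitute for installing the patch.

```shell
#!/bin/sh
# Added example for the High Sierra root workaround; not the article's code.
# dscl, sw_vers and dsenableroot are real macOS tools. The sample values used
# when they are absent are constructed so the script runs anywhere.

# macOS records a disabled account by placing ";DisabledUser;" in its
# AuthenticationAuthority attribute. Prints "disabled" or "enabled".
root_state() {
    case "$1" in
        *';DisabledUser;'*) echo disabled ;;
        *)                  echo enabled ;;
    esac
}

# Returns 0 when the host runs High Sierra (10.13.x) and root is disabled,
# the default configuration the article describes as exposed.
# $1 = product version string, $2 = root's AuthenticationAuthority value.
needs_workaround() {
    ver=$1
    auth=$2
    case "$ver" in
        10.13|10.13.*) [ "$(root_state "$auth")" = disabled ] ;;
        *)             return 1 ;;
    esac
}

# Live readers, with constructed fallbacks for hosts without the macOS tools.
product_version() {
    if command -v sw_vers >/dev/null 2>&1; then
        sw_vers -productVersion
    else
        echo 10.13.1   # constructed sample
    fi
}

root_auth_authority() {
    if command -v dscl >/dev/null 2>&1; then
        dscl . -read /Users/root AuthenticationAuthority 2>/dev/null
    else
        # constructed sample of what dscl prints for a disabled root account
        echo 'AuthenticationAuthority: ;DisabledUser;;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
    fi
}

# Report, and with --apply run the workaround: dsenableroot enables root and
# prompts interactively for the password to assign it (run as an admin user).
main() {
    ver=$(product_version)
    auth=$(root_auth_authority)
    state=$(root_state "$auth")
    if needs_workaround "$ver" "$auth"; then
        echo "macOS $ver, root $state: exposed until the fix is installed"
        if [ "$1" = --apply ]; then
            sudo dsenableroot
        else
            echo "rerun with --apply to enable root and set a real password"
        fi
    else
        echo "macOS $ver, root $state: no workaround needed"
    fi
}

main "$@"
```

Run it without arguments first; it only reads the directory record. `--apply` invokes `sudo dsenableroot`, which will prompt for an admin password and then for the new root password. The version check is deliberately narrow: macOS 10.12 and earlier behave differently and are not flagged.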
