An authentication flaw has been discovered in MacOS version 10.13 (High Sierra) and MacOS 10.13.2 beta. A threat actor with remote or physical access to the device can gain administrative privileges by logging in with the user account "root" through System Preferences. Remote attacks require Apple's Remote Desktop Protocol. No password is required and once completed the threat actor will have persistent access to the device.
This is a trivial attack to perform and has a wide range of potential consequences namely, unauthorized access.
What should you do about it
- It is important to never leave your device unattended, especially in public places.
- Enabling the root account and setting the password appears to be the most effective mitigation at this time.
There is not currently a patch for this vulnerability. For mitigation steps and a technical analysis please see the following links:
If you have any questions please reach out to the eSentire Security Operations Center.