An authentication flaw has been discovered in macOS version 10.13 (High Sierra) and macOS 10.13.2 beta. A threat actor with remote or physical access to the device can gain administrative privileges by logging in with the user account "root" through System Preferences. Remote attacks require Apple's Remote Desktop Protocol. No password is required, and once the attack is completed the threat actor will have persistent access to the device.

This is a trivial attack to perform and has a wide range of potential consequences, namely unauthorized access.

 

What should you do about it

  • It is important to never leave your device unattended, especially in public places.
  • Enabling the root account and setting the password appears to be the most effective mitigation at this time.

 

Additional information

There is currently no patch for this vulnerability. For mitigation steps and a technical analysis, please see the following links:

[1] https://support.apple.com/en-us/HT204012

[2] https://www.macrumors.com/how-to/temporarily-fix-macos-high-sierra-root-bug/

 

If you have any questions, please reach out to the eSentire Security Operations Center.

eSentire Media Contacts

Mandy Bachus | eSentire | [email protected] | +1 519.651.2200 x5226 | @MandyBachus

Angela Tuzzo | MRB Public Relations | [email protected] | +1 732.758.1100 x105 | @MRB_PR
