In the last week of November 2017, Apple was informed of a flaw in macOS High Sierra. Macs running High Sierra 10.13 or 10.13.1 allowed anyone with physical access to the machine to log in as root without a password. The flaw does not affect macOS Sierra 10.12.6 and earlier versions.
A Turkish software developer named Lemi Orhan Ergin discovered the vulnerability and disclosed it publicly on Twitter, addressing the tweet to @AppleSupport. He found that he could log in to a Mac running the latest version of High Sierra using only the username 'root', with no password. Entering 'root' with an empty password at an authentication prompt and clicking the unlock or login button a couple of times is enough: the first attempt silently enables the normally disabled root account with an empty password, and the next attempt succeeds, giving the user full administrative access.
Within 24 hours of the tweet, Apple fixed the vulnerability with a patch, Security Update 2017-001, delivered through the Mac App Store. The flaw, tracked as CVE-2017-13872, is a logic error in credential validation. Any local user can exploit it to escalate to root, which includes malware already running on the machine under an unprivileged account. It was also exploitable remotely: on a Mac with Screen Sharing (VNC) or Remote Management enabled, an attacker with network access could use the same empty-password root login at the remote login prompt and obtain root privileges.
Apple apologized to all Mac users for the error and the problems it caused, and said it is reviewing its development processes to make sure this does not happen again. Apple urged Mac users to install Security Update 2017-001 as soon as possible and also pushed it automatically to affected Macs. Two caveats from Apple's own support note: the update can break authentication to file shares, which is fixed by running sudo /usr/libexec/configureLocalKDC in Terminal, and a Mac upgraded from 10.13 to 10.13.1 after installing the update needs the update applied again (and a reboot) because the fix is specific to each release. Until the patch is in place, setting a password on the root account (for example with sudo passwd root) closes the empty-password login path.
The update installs without a visible version change, so Apple gives these steps to verify that it is in place:
1. Open the Terminal app in the Utilities folder of the Applications folder.
2. Type: what /usr/libexec/opendirectoryd and press Return.
3. If you see one of the project version numbers below, Security Update 2017-001 was installed successfully.
opendirectoryd-483.1.5 on macOS High Sierra 10.13
opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
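The same verification, scripted, as an added example that is not from Apple's support note or from this article. It parses the output of the what command Apple documents, classifies the opendirectoryd build against the two published post-update versions, and additionally reads the root account's AuthenticationAuthority record with dscl to see whether the account is still disabled (a machine that has already been exploited has root enabled with an empty password). Assumptions, not taken from the page: that what prints the build as a PROJECT:opendirectoryd-NNN.N.N tag, that a disabled root account carries the ;DisabledUser; marker in dscl output, and the sample outputs below, which are constructed. Run with --live on a Mac; without arguments it exercises the parsers on the constructed samples.

```shell
#!/bin/sh
# Added example (not Apple's code): verify the fix for CVE-2017-13872.
# Apple's published opendirectoryd project versions after Security Update 2017-001:
PATCHED_10_13="483.1.5"     # macOS High Sierra 10.13
PATCHED_10_13_1="483.20.7"  # macOS High Sierra 10.13.1

# Constructed sample of `what /usr/libexec/opendirectoryd` output from a patched
# 10.13.1 Mac. The PROJECT: tag layout is an assumption about the tool's output.
SAMPLE_WHAT='/usr/libexec/opendirectoryd:
    PROJECT:opendirectoryd-483.20.7'
# Constructed samples of `dscl . -read /Users/root AuthenticationAuthority` output.
# The ;DisabledUser; marker for a disabled account is an assumption about the format.
SAMPLE_DSCL_DISABLED='AuthenticationAuthority: ;DisabledUser;;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_DSCL_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# Extract the opendirectoryd build number (e.g. 483.20.7) from `what` output on stdin.
# Prints nothing when no opendirectoryd-<version> string is present.
od_version_from_what() {
    sed -n 's/.*opendirectoryd-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Numeric, component-wise comparison of dotted versions. Returns 0 if $1 >= $2.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac="${a%%.*}"; bc="${b%%.*}"
        [ -z "$ac" ] && ac=0
        [ -z "$bc" ] && bc=0
        if [ "$ac" -gt "$bc" ]; then return 0; fi
        if [ "$ac" -lt "$bc" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# Classify a build number. Prints one of:
#   patched    - exactly one of the two versions Apple published
#   newer      - later than the published build on the same branch, or later than
#                483.20.7 (10.13.2 and later ship with the fix included)
#   unverified - anything else; treat as not patched and investigate
# Exit status is 0 for patched/newer and 1 for unverified, so it can gate other steps.
classify_od_version() {
    v="$1"
    case "$v" in
        "$PATCHED_10_13"|"$PATCHED_10_13_1") echo "patched"; return 0 ;;
        483.1.*)  if version_ge "$v" "$PATCHED_10_13";   then echo "newer"; return 0; fi ;;
        483.20.*) if version_ge "$v" "$PATCHED_10_13_1"; then echo "newer"; return 0; fi ;;
        *)        if version_ge "$v" "$PATCHED_10_13_1"; then echo "newer"; return 0; fi ;;
    esac
    echo "unverified"
    return 1
}

# Returns 0 if the dscl record on stdin shows the root account disabled.
root_disabled_from_dscl() {
    grep -q ';DisabledUser;'
}

report() {
    v="$1"; dscl_out="$2"
    echo "opendirectoryd build: ${v:-not found} -> $(classify_od_version "$v")"
    if printf '%s\n' "$dscl_out" | root_disabled_from_dscl; then
        echo "root account: disabled"
    else
        echo "root account: ENABLED - if unpatched, set a password with 'sudo passwd root'"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Real checks on a Mac (both commands exist on macOS; they are not present elsewhere).
    report "$(what /usr/libexec/opendirectoryd 2>/dev/null | od_version_from_what)" \
           "$(dscl . -read /Users/root AuthenticationAuthority 2>/dev/null)"
else
    echo "== constructed sample (patched 10.13.1, root disabled) =="
    report "$(printf '%s\n' "$SAMPLE_WHAT" | od_version_from_what)" "$SAMPLE_DSCL_DISABLED"
    echo "== constructed sample (root already enabled by an exploit attempt) =="
    report "483.20.6" "$SAMPLE_DSCL_ENABLED"
fi
```

The exact-match rule is deliberately strict: Apple only vouched for the two listed builds, so any other number is reported as unverified rather than guessed at, except builds that sort after them, which correspond to later releases that include the fix. The root-account check is the part a responder actually wants after the fact, because the patch alone does not disable a root account that an earlier login attempt already enabled.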