Earlier this week, an embarrassing flaw came to light in macOS High Sierra that allows anyone with access to the device, and potentially remote users, to gain access as the root user without a password. The flaw only affects devices running High Sierra version 10.13.1. macOS Sierra 10.12.6 and earlier versions are unaffected.
The High Sierra vulnerability was discovered by Turkish software developer Lemi Orhan Ergin, who disclosed the flaw on Twitter in a tweet to @AppleSupport. He found that it was possible to log in to a Mac running the latest High Sierra version of the operating system with the user name ‘root’ without the need for a password. Simply entering root as the username and clicking login several times allowed an unauthenticated user to log in using the root account.
Within 24 hours of the tweet being sent, Apple issued a patch to fix the High Sierra vulnerability, which is available via the App Store app. The vulnerability is a logic error in the validation of credentials, and it is tracked as CVE-2017-13872.
While the flaw could be exploited by a local user, remote exploitation is also possible if the device has been infected with malware. If screen sharing is enabled, a remote user that has already gained access to the network could potentially exploit the flaw and gain root privileges.
Apple has issued an apology to customers for the error. An Apple spokesperson said, “We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.” Apple has urged users to apply the patch – Security Update 2017-001 – as soon as possible.
Apple will be installing the patch automatically today. Users should check to make sure the patch has been applied, using the steps detailed below:
- Open the Terminal app, which is in the Utilities folder of your Applications folder.
- Type: what /usr/libexec/opendirectoryd and press Return.
- If Security Update 2017-001 was installed successfully, you will see one of these project version numbers:
  - opendirectoryd-483.1.5 on macOS High Sierra 10.13
  - opendirectoryd-483.20.7 on macOS High Sierra 10.13.1