High Sierra Root Access Vulnerability

A trivial-to-exploit vulnerability in Apple’s macOS 10.13 (aka High Sierra) allows any user to gain administration privileges.

Threat ID:: CC-1822
Category:: Exploit
Threat Severity:: Medium
Threat Vector:
Published:: 29 November 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A trivial-to-exploit vulnerability in Apple’s macOS 10.13 (aka High Sierra) allows any user to gain administration privileges.

Affected platforms

The following platforms are known to be affected:

macOS High Sierra

Apple macOS 10.13 (High Sierra)

Threat details

This flaw can be triggered from the authentication dialog box when prompted for an administrator username and password. If “root” is entered as the username and the password field is left blank, hitting the “Enter” key before pressing the “Unlock” button several times gives a user administration rights. This can be done from the user login screen, through system settings or from the command line.

A user with administration rights will have full control over the system. Currently this vulnerability only affects High Sierra.

Remediation steps

Type	Step
	Changing the default root password or disabling the root user profile will prevent exploitation of this vulnerability. Apple has provided a guide for this on their support site HT204012. Users are encouraged to immediately install Apple's Security Update 2017-001.

Last edited: 17 February 2020 11:32 am