Well, to their credit, it didn’t take Apple long to fix their horrendous bug that allowed *anyone* to log into computers running macOS High Sierra with admin rights, without needing to know a password.
The security update – which Apple advises should be installed “as soon as possible” – is being pushed out via the Mac App Store.
Here is how Apple is describing the vulnerability:
Directory Utility
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872
To install the security update, simply open Mac App Store and click on the “Updates” tab. All you have to do then is click on “Update”, and you’ll be sorted.
Kudos to Apple for readying a fix so quickly, but a security hole as big as this should never have got past quality control in the first place.
For more discussion on this topic, be sure to listen to this episode of the Smashing Security podcast:
Smashing Security #054: 'A great big fat macOS bug'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
Clearly the Apple chimpanzees were concentrating too much on their latest Shakespearean pastiche!
Appears the 'fix' breaks file sharing for some
https://www.theguardian.com/technology/2017/nov/30/apple-macos-high-sierra-fix-breaks-file-sharing-password-security-flaw-emergency-patch
I don't see how what is described is possible because when you try to log in to a locked mac you cannot enter an arbitrary username – you have to click on an icon for a username. If you have enabled the root user then you get an "other" icon to click on and then you can enter username/password, but if the root user is disabled then you don't get that option. I tried all kinds of things but was unable to get the login prompt for a username. Did I miss something?
If you're not seeing it at the login prompt then just wait until you try to do something which requires elevated privileges after you've logged in. For instance, tinkering with preferences or installing an application.
At that point you're asked to enter credentials with admin privileges and this "root" trick could have been used.