Update: An official patch from Apple has at this time been released. See details here - https://support.apple.com/en-us/HT208315.
A new Mac OSX vulnerability that impacts OSX High Sierra was released yesterday. The bug allows for the ability to login as root on any 10.13.1 computer.
Ryan O’Connor, Hurricane Labs Splunk & Security Consultant, along with TJ (Management Information Systems major at the UConn School of Business) took note of the vulnerability and were surprised that there was no immediate patch for it (as of 9:36AM today).
They decided to do a live demo to show what they were looking at, as well as tips on how to patch this bug.
Live Test and Patch Demo:
During the demo, Ryan and TJ go through multiple tests. They looked at what can be done to patch as well as how to test that patch.
Patch, patch, patch!
Those who have not changed their root passwords are currently open to this vulnerability. After this live demo of the new Mac OSX vulnerability, we hope you’re all out there right now changing your root passwords or installing the newly announced patch.
Any questions/comments/concerns please reach out to us on Twitter (@hurricanelabs) and you can always shoot Ryan an email at firstname.lastname@example.org.