macOS 10.13 High Sierra login security flaw

Nov 29, 2017

A security issue has been found in macOS High Sierra 10.13.0, 10.13.1 and the 10.13.2 beta. If a user gains direct access to a Mac running High Sierra, they can choose Other User at the sign-in screen, type root in the username field, leave the password field blank, and gain full control of the user's Mac.

To gain remote access to a Mac running High Sierra, the Mac must have Screen Sharing or Apple Remote Management enabled; these machines would be at the most risk from the flaw.

Apple is working on an update to fix this issue, which was posted on Twitter on 11/28/2017.

Fix released by Apple for macOS 10.13.1 High Sierra: Security Update 2017-001. To get the update, go into the App Store and choose Updates; you should be prompted to install Security Update 2017-001. A new revision to update 2017-001 was released on November 30th to fix an issue with file sharing.

This post will be updated when Apple releases a fix.  Michael Spice can help with any questions on this issue.