This tweet is currently making rounds on Twitter:
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
And yes, that actually works: enter
root as a username, leave the password empty, and *BOOM* you’re in.
The exploit also works at the login screen, and with remote management (Screen Sharing, etc).
UPDATE 2017.11.29: Apple has released a security update, fixing this nasty bug. Open
AppStore.app and check the updates section to download it. No reboot required.
As Mattias detailed a
root with no pass gets created upon testing this. Awaiting a security patch from apple you can lock this user down by explicitly setting a password for its account (using
sudo passwd -u root
If you’re not too fond of the shell, follow the instructions from this video.
And to say Apple already had a huge security slip-up with that Disk Utility Bug which showed the password instead of the password hint but this one is much, much worse … #functionalhighground aye?