This tweet is currently making the rounds on Twitter:
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable!
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
And yes, that actually works: enter root as a username, leave the password empty, and *BOOM* you’re in.
The exploit also works at the login screen, and with remote management (Screen Sharing, etc).
UPDATE 2017.11.29: Apple has released a security update, fixing this nasty bug. Open AppStore.app and check the updates section to download it. No reboot required.
As Mattias detailed, a root user with no password gets created upon testing this. While awaiting a security patch from Apple, you can lock this user down by explicitly setting a password for its account (using Terminal.app):
sudo passwd -u root
If you’re not too fond of the shell, follow the instructions from this video.
And to think Apple already had a huge security slip-up with that Disk Utility bug, which showed the password instead of the password hint. But this one is much, much worse … #functionalhighground aye?