A major bug has been found in macOS High Sierra that could give unauthorized users full admin access to a Mac computer without needing a password. When creating a root account, users are prompted to enter administrative credentials for a privileged action. The affected systems allow the user to merely enter “root” as the username in the authentication dialogue box and do not require a password before creating the root account. Once the system is penetrated, the threat actor can gain full control over the computer, either locally or remotely.

What Can You Do?
Apple recently released a patch that addresses the issue (Security Update 2017-001) and encourages all macOS High Sierra users to download it immediately. The patch download can be accessed here: https://support.apple.com/en-us/HT208315. If you require the root user account on your Mac, you will need to re-enable the root user and change the root user’s password after this update.
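
To find Macs where the root account exists when it should not, the sketch below (an added example, not part of the original advisory or Apple's guidance) classifies the root account's state from collected `dscl` output and flags hosts to review. The function names, host names and sample outputs are constructed, and the two output patterns it matches are assumptions about what `dscl` prints.

```shell
#!/bin/sh
# Input text is what this command prints on the Mac being checked:
#   dscl . -read /Users/root AuthenticationAuthority 2>&1
# Assumption (not from the advisory): a root user that was never enabled
# prints "No such key: AuthenticationAuthority"; an enabled root account
# lists a ";ShadowHash;" authority.
root_state() {
  case "$1" in
    *"No such key"*) echo disabled ;;
    *ShadowHash*)    echo enabled ;;
    *)               echo unknown ;;
  esac
}

# $1 = dscl output, $2 = "yes" if this Mac is meant to have root enabled
root_verdict() {
  case "$(root_state "$1"):$2" in
    disabled:*)  echo OK ;;
    enabled:yes) echo REVIEW ;;  # expected; confirm the password was changed after the update
    enabled:*)   echo ALERT ;;   # root exists although nobody should have enabled it
    *)           echo UNKNOWN ;; # output not recognised; inspect the host manually
  esac
}

# Constructed inventory, one host per line: host|root expected|collected dscl output
INVENTORY='mac-01|no|No such key: AuthenticationAuthority
mac-02|no|AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
mac-03|yes|AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
mac-04|no|(no output collected)'

# Print "host verdict" for every line of the inventory passed as $1
audit_inventory() {
  printf '%s\n' "$1" | while IFS='|' read -r host expected output; do
    if [ -n "$host" ]; then
      printf '%s %s\n' "$host" "$(root_verdict "$output" "$expected")"
    fi
  done
}

audit_inventory "$INVENTORY"
```

An ALERT host should be patched first and then have its root account disabled or given a new password; a REVIEW host is one where root is required and its password still needs to be changed after the update.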