A critical security vulnerability in macOS High Sierra makes it very easy for an attacker with physical access to a locked Mac to log in as root. In specific cases it’s also possible to exploit the vulnerability remotely. When the OS asks for a username and password, it’s sufficient to enter root as the username and leave the password field empty.
By clicking unlock two times, the user receives administrator rights. According to security researcher Patrick Wardle, it’s also possible to abuse the vulnerability when sharing services like Remote Desktop or VNC are enabled. A security researcher who goes by the alias cstone reports the bug isn’t limited to accounts. On Twitter he explains how it’s possible to log in with existing accounts through Apple Remote Desktop. As soon as an attacker obtains root access, it’s possible to disable Apple’s disk encryption, FileVault.
The vulnerability was already reported on Apple’s developer forum on the 13th of November, but it has become big news since security researcher Lemi Orhan Ergin warned about it on Twitter yesterday.
Apple already has a fix available that solves the issue.