Posted earlier by community member @, this vulnerability effectively allows someone with physical access to your machine to log in.

 

We spoke with @, our Senior threat research analyst, who had this to say on Twitter:

 

1/2 “This is a very surprising bug that evaded the quality control on Mac OS High Sierra. Apparently, it also works on FileVault in the Mac OS, which makes this bug quite problematic.” – @TylerM_Webroot, Sr. threat research analyst. https://t.co/q1ZIVoPCia

— Webroot (@Webroot) November 28, 2017

2/2 “We expect @Apple to release a fix for this vulnerability. In the meantime, any payloads that are found to use this exploit will certainly be added to our threat database to be blocked.” – @TylerM_Webroot, Sr. threat research analyst.

— Webroot (@Webroot) November 28, 2017

It seems that Apple was able to publish a user guide explaining how to defeat the exploit for now.

Fix released as macOS 10.13.1:

https://arstechnica.com/gadgets/2017/11/new-security-update-fixes-macos-root-bug/

Thanks for sharing this with everyone @

As @ pointed out yesterday here, the recent Apple bug 'fix' now has a bug of its own.
requires you to reboot as per:

https://support.apple.com/en-us/HT208315
