MacOS High Sierra login bug

Intro

If you’ve been following security news, you’d know that Mac OS High Sierra has a security bug. Most of the articles have done a fine job explaining all the fluff, so I’ll get straight to the point.

If you have no password for the root account (as is the case for most users, since they haven’t explicitly set up a root account and password on their system), then Mac will accept a blank password for logging into root.

A demo is better than 1000 words, so I’ll show you one real quick.

Demo

Step 1 : Go to a place requiring admin privilege authentication. For example, Users and Groups in System Preferences.


Step 2 : Click on the lock, and you’ll be prompted to log in.


Step 3 : Change username to root, leave the password field blank (After changing username to root, press tab to move to the password field, then tab again to go back to username field, and then click unlock, otherwise this won’t work).

That’s it. You can get creative regarding what all you can accomplish with this. I haven’t tried it, but I’ve heard that this attack (bug :p) works remotely!

Fix

Seeing as how this bug puts your system at risk, I’m sure you are curious as to how to fix it. One way is to give your root account a password.

However, on 29th Nov Apple released a security update for this bug. We’ll simply use that. Here’s the update –

https://support.apple.com/en-us/HT208315

(the section below uses info from the linked page)

Let’s first check if the update is installed.

For that, type this on your terminal and hit enter-

what /usr/libexec/opendirectoryd

If your output is something like this, then you have an old version of the update installed-

If it’s one of these two, or a more recent version (higher numbers), then you’re good

opendirectoryd-483.1.5 on macOS High Sierra 10.13
opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
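
The version comparison above as a small shell script. This is an added example, not code from the original post or from Apple's page. It assumes the `what` output contains a token of the form opendirectoryd-<version>; the function names and the sample output layout are made up for illustration.

```shell
#!/bin/sh
# Added example: compare the opendirectoryd build from `what` with the patched builds.

# Patched build for each macOS version named on this page; others are unknown here.
min_build_for() {
    case "$1" in
        10.13)   echo 483.1.5 ;;
        10.13.1) echo 483.20.7 ;;
        *)       return 1 ;;
    esac
}

# Extract N.N.N from the first "opendirectoryd-N.N.N" token in the text.
extract_build() {
    printf '%s\n' "$1" |
        sed -n 's/.*opendirectoryd-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: true when A >= B, comparing each dotted part as a number.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_patch OS_VERSION WHAT_OUTPUT: prints patched, outdated or unknown.
check_patch() {
    min=$(min_build_for "$1") || { echo unknown; return 2; }
    have=$(extract_build "$2")
    [ -n "$have" ] || { echo unknown; return 2; }
    if version_ge "$have" "$min"; then echo patched; return 0; fi
    echo outdated; return 1
}

# Constructed sample of `what` output (layout assumed; only the token matters).
SAMPLE='/usr/libexec/opendirectoryd
    PROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.20.7'
# On a Mac this checks the live system; elsewhere it falls back to the sample.
if [ -x /usr/libexec/opendirectoryd ] && command -v what >/dev/null 2>&1; then
    check_patch "$(sw_vers -productVersion)" "$(what /usr/libexec/opendirectoryd)"
else
    check_patch 10.13.1 "$SAMPLE"
fi
```

The per-component numeric compare matters here: a plain string comparison would rank 483.20.7 below a build such as 483.3.9.
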

So, if you have an old version like me, let’s head to the App Store and install the update.


Sure enough, here’s the update we need. It’ll take a bit to get installed.

Once that’s done, let’s just run the same command again and verify that the version number increased to our liking. Now we’re all good.

Verify-

Bug seems fixed. That’s it for the post.

Source
