CVE-2017-13872 Apple macOS High Sierra Authentication Bypass Vulnerability (Zero Day)

漏洞类别:Local

漏洞等级:

漏洞信息

A vulnerability in macOS High Sierra operating system that allows an attacker with physical access to gain system administrator access without entering a password.
The security bug can be triggered via the authentication dialog box in macOS, which prompts you for an administrator’s username and password.

QID Detection Logic (authenticated):
This QID looks for vulnerable version of Apple macOS High Sierra.

漏洞危害

If exploited, the attacker is authenticated into a ‘root’ account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine.

解决方案

The vendor has confirmed the vulnerability but no patch has been released to specifically fix the vulnerability, however vendor has provided a workaround for this HT204012

Leave a Reply