A vulnerability in macOS High Sierra operating system that allows an attacker with physical access to gain system administrator access without entering a password.
The security bug can be triggered via the authentication dialog box in macOS, which prompts you for an administrator’s username and password.
QID Detection Logic (authenticated):
This QID looks for vulnerable version of Apple macOS High Sierra.
If exploited, the attacker is authenticated into a ‘root’ account and is given full ability to view files and even reset or change passwords for pre-existing users on that machine.
The vendor has confirmed the vulnerability but no patch has been released to specifically fix the vulnerability, however vendor has provided a workaround for this HT204012