I don’t normally do ‘breaking news’ but this one’s pretty big. There’s a login flaw in macOS High Sierra that allows anyone with physical access to a running machine to gain root privileges – we are all root (apologies to the Guardians of the Galaxy). Details here: https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/
The workaround in the story, and from Apple, is to set a root password. Historically that has caused other problems, so beware. An alternative appears to be to power off the machine (cold boot – not just suspend or hibernate) when leaving it unattended.
It’s a nice find by the researcher. I doubt we’ll find out the root (pun intended) cause, but it’d be fascinating to know how this happened. It reminds me of when I managed to unlock my Grandfather’s new Lincoln by simply pushing all the buttons on the door keypad in order twice. Not a use case that’d show up in testing, but one a typical 10-year-old boy could find in 2 minutes.
This is something similar. It looks like it’s a result of several well-intentioned attempts to hide security complexity from the user: architecture choices (use a UNIX core), design choices (hide root from the user), security choices (don’t set a root password), and a new change in High Sierra, all chained together to cause a major security vulnerability. The stuff of nightmares.