An attacker may be able to bypass administrator authentication without supplying the administrator’s password.
A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE: CVE-2017-13872
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Source: Apple Support
-
Open the launchpad (F4) and find Terminal application
-
Copy the following code in the console:
payload=$(osascript -e 'do shell script "whoami" with administrator privileges user name "root" password ""');if [ "$payload" = "root" ] ; then echo -e "\n\nVulnerable: Please update! \nMore info: https://support.apple.com/es-lamr/HT208315";else echo "Not Vulnerable";fi