### [CVE-2017-13872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13872)
![](https://img.shields.io/static/v1?label=Product&message=macOS%20High%20Sierra&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=improper%20access%20control&color=brighgreen)

### Description

An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.

### POC

#### Reference
- https://www.exploit-db.com/exploits/43201/
- https://www.exploit-db.com/exploits/43248/

#### Github
- https://github.com/Ra7mo0on/WHID_Toolkit
- https://github.com/TH3-HUNT3R/Root-MacOS
- https://github.com/axelvf/tools-highsierraroot
- https://github.com/giovannidispoto/CVE-2017-13872-Patch
- https://github.com/ruxzy1/rootOS
- https://github.com/swisskyrepo/WHID_Toolkit
- https://github.com/thehappydinoa/rootOS