Is physical access required or can Remote Access also exploit this vulnerability?
At first, it appeared that physical access was required. It now appears this is not the case. If a user can be tricked into running a malicious app or shell script, the malicious app or shell script can silently enable the root user and then make any changes whatsoever to the system.
You will still need to trick the user into running malicious code, however.
