30
Nov
2017

Critical Apple Security Vulnerability

Please be aware that there is a vulnerability which affects Apple’s MacOS High Sierra,
allowing root access to the system without a password.

This issue affects MacOS High Sierra 10.13.0,
 MacOS High Sierra 10.13.1 and MacOS High Sierra 10.13.2 Beta

You can check the version of MacOS you are running through the following steps,

  1. from the desktop, click the  icon on the lefthand side of the menubar
  2. Click About This Mac,
  3. you will be presented with a small window saying MacOS followed by the version name,
    e.g. MacOS Sierra or MacOS High Sierra,
  4. below this will be the specific version you are running which will be in the format 10.x.x

If you are running an ITS Managed Mac,
this vulnerability does not affect you.

Apple have released a security update to fix this critical vulnerability,
The Security update will be automatically deployed to any High Sierra Mac with automatic updates enabled,
please ensure your Mac is receiving the latest updates,
this can be validated by following these steps

  1. Click the  icon on the lefthand side of the menubar
  2. Launch the App Store on your Mac.
  3. Click on App Store in the menubar.
  4. Click on Preferences in the dropdown menu.
  5. Check the box on the left of Automatically check for updates
  6. Check the box on the left of Download newly available updates in the background
  7. Check the box on the left of Install system data files and security updates

Alternatively for users who require manual installation of the update,
The Security update can also be found at
https://support.apple.com/en-au/HT208315
Instruction on how to apply the update manually can be found here
https://support.apple.com/en-au/HT201541

Filed under: Advice, Announcements

Leave a reply

Updated:  1 December 2017/ Responsible Officer:  Chief Information Officer/ Page Contact:  IT Security