The MacOS Fix is Out!

And, the fix is out, update now!

Apple releases macOS High Sierra security fix for critical root vulnerability
Apple releases macOS High Sierra security fix for critical root vulnerability 

9to5mac – By: Zac Hall = If you’re running macOS High Sierra, it’s time to update your Mac as soon as possible. Apple has released a security update that addresses the security vulnerability discovered yesterday afternoon. The update is available now through the Mac App Store.

Apple details the fix here:

SECURITY UPDATE 2017-001

Released November 29, 2017

Directory Utility

Available for: macOS High Sierra 10.13.1

Not impacted: macOS Sierra 10.12.6 and earlier

Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.

CVE-2017-13872

When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002. Learn how to find the macOS version and build number on your Mac.

If you require the root user account on your Mac, you can enable the root user and change the root user’s password.

While the security vulnerability was a rather serious one, Apple has promptly responded with a fix less than 24 hours after it became public. The issue did not affect older versions of macOS, although there doesn’t appear to be a fix available for macOS 10.13.2 beta yet as the fix (downloadable here) only appears to apply to macOS 10.13.1 for now.

Apple issued this statement to 9to5Mac following the software fix:

‘Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.'”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.