[MacTUG] MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix
Jim Johnston
jjohnston at uwaterloo.ca
Wed Nov 29 12:02:31 EST 2017
Check out today's HS security patch for this ...
https://support.apple.com/en-ca/HT208315
Security Update 2017-001
Released November 29, 2017
Directory Utility
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872
When you install Security Update 2017-001<https://support.apple.com/kb/HT201541> on your Mac, the build number of macOS will be 17B1002. Learn how to find the macOS version and build number<https://support.apple.com/kb/HT201260> on your Mac.
If you require the root user account on your Mac, you can enable the root user and change the root user's password<https://support.apple.com/en-us/HT204012>.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor<https://support.apple.com/kb/HT201777> for additional information. Other company and product names may be trademarks of their respective owners.
Published Date: Nov 29, 2017
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/mactug/attachments/20171129/0bc4849b/attachment-0001.html>
More information about the MacTUG
mailing list