IT Services Alerts - UPDATED: Security Alert: macOS High Sierra (10.13) Vulnerability, November 29th
Updated: Thursday 30th November 14:00
Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13
The security update named, Security Update 2017-001 is available for download from the App Store.
What should I do?
IT Services encourge all owners of macOS desktops and laptops currently running macOS High Sierra 10.13 to apply the update as soon as possible.
Steps to locate and apply the security update can be found on our Software Security Update page https://www.tcd.ie/itservices/security/software-updates.php Choose the option How to install Mac OS updates
First Posted: Wednesday 29th November 16:50
A security flaw has been found in macOS High Sierra (10.13), which can allow someone with physical access to a macOS machine to gain access to and change personal files on the system without needing any admin credentials.
Is my computer vulnerable?
To use this vulnerability, the attacker needs to have physical access to your macOS machine, therefore macOS Laptops or desktops in open plan environments are more at risk, and desktops in a locked office have a lesser risk.
We recommend all macOS machines disable guest user account access and change the root password, to ensure their machine is not exposed to this vulnerability.
What should I do?
Until a fix is officially released by Apple, there are two major steps you can take to mitigate the situation.
- The first is disabling guest account access. This can make it more difficult for an attacker to jump in and change system settings.
- The second is to change the system’s root password. This can put a stop to the vulnerability altogether.
Steps to protect my macOS machine
Information on identifying the version of macOS you are using and to implement the security steps above can be found on our knowledge base page https://www.tcd.ie/itservices/software/kb/macos-version-useraccess.php
If you are unsure if you have macOS High Sierra (10.13) or if you need assistance in setting the root password then contact the IT Service Desk at extn: 2000 (01 8962000) or email firstname.lastname@example.org