Disclaimer: This news item was originally posted on Friday, Dec 1, 2017. Its content may no longer be timely or accurate.

Alert: Critical Vulnerability in Mac OS 10.13 "High Sierra"

Posted: 12:34:42, Friday, Dec 1, 2017   Expiration: 12:34:42, Friday, Dec 8, 2017

Security Update 2017-001 Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1 Not impacted: macOS Sierra 10.12.6 and earlier Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. CVE-2017-13872 Entry updated November 29, 2017

There is a critical vulnerability the latest version of Apple Mac OS 10.3, or "High Sierra", that allows anyone with physical access to the computer to log in with unlimited access to files and configuration settings without actually entering a password.

If your Mac is running this version of the operating system you should update your system immediately.

  • You can check the version of your operating system by clicking on the Apple icon and selecting 'About This Mac'.  Version 10.13 or higher, macOS "High Sierra", is affected by this vulnerability.
  • Apple provides information on how to patch here: https://support.apple.com/en-us/HT201541

Apple has posted more information on this vulnerability here: https://support.apple.com/en-gb/HT208315

This vulnerability is a good reminder to keep our computers updated with the latest patches available from the manufacturer. 

Published Date:

-- Rice U: Diane Yee

Created: 02:52:33, Friday, Dec 1, 2017 (by Diane Y.)
Updated: 18:08:03, Friday, Dec 1, 2017 (by Diane Y.)