Vulnerability Identified in Mac OSX High Sierra, Version 10.13 and Higher

A security flaw has been detected in Mac operating systems, High Sierra 10.13 or greater. This vulnerability allows anyone to log in to a Mac device and change administrative settings by entering the username “root” with no password. Users should apply the newly published Apple Security Update described at https://support.apple.com/en-us/HT208315 as soon as possible.

Systems at Risk

  • Currently, this vulnerability has only been detected on Macs whose operating system has been upgraded to High Sierra 10.13 or greater.
  • Systems with local console access, such as shared computers in teaching or lab environments, where users are not granted root access.
  • Systems with Apple Remote Desktop (ARD) enabled.

Systems Not at Risk

  • Mac operating systems earlier than 10.13.

Recommended Actions

  1. High Sierra 10.13 or greater users: Visit the Apple App Store and install the 2017-001 update as soon as possible.
  2. A temporary fix is to create a root account, then set a password and leave it enabled. Instructions can be found at https://www.macrumors.com/how-to/temporarily-fix-macos-high-sierra-root-bug/
