
Since this is out there and the original finder did not go through responsible disclosure, I figured I'd post it here so at least admins are aware.
https://twitter.com/lemiorhan/status/935578694541770752



Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?


This works on User & Admin accounts.



That being said, if you enable root and have a password on it, you're not affected. If you don't, it'll enable root and create an account.



Enabling a root password however may cause you more tech debt down the line.

Read up, matin! 😉 (released at 8:00 this AM)


Anybody know a way to create a Smart Group to verify if the patch was installed on systems?


@scharest Per the Apple support article detailing the patch, the new OS build version will be "17B1002", so you can use the "Operating System Build" criteria to build a Smart Group that has build "17B1002" installed. That should group machines that have the patch applied.
If you want the reverse, i.e., machines running High Sierra that don't have the patch installed, use these:



Operating System Version | greater than or equal | "10.13"
and
Operating System Build | is not | "17B1002"

If anyone is looking for a link from Apple to download the security update:



https://support.apple.com/kb/DL1942?viewlocale=en_US&locale=en_US


Nice,



I used the article below to deploy that one specific update.



https://www.jamf.com/jamf-nation/third-party-products/files/937/apple-software-update-script


I just rebooted my Mac and the BuildVersion is now 17B1003. It looks like they re-released the patch.



Security Update 2017-001



Looks like the original patch broke other things:
https://www.engadget.com/2017/11/30/apples-high-sierra-security-patch-affected-mac-file-sharing/


The re-release also applies to 10.13 (vs. 10.13.1).
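The Smart Group criteria above (10.13 or later, build not 17B1002) and the later note that the re-release moved the build to 17B1003 can be turned into a local check, for example as a Jamf Extension Attribute that reports the machine's own patch status. The script below is an added example written for this thread, not something posted by the original participants or shipped by Apple or Jamf. It assumes only the two patched builds named in the thread (17B1002 and 17B1003) count as patched, that `sw_vers -productVersion` / `sw_vers -buildVersion` are available on the client, and that the `<result>...</result>` wrapper is the form Jamf expects from an Extension Attribute script. The build strings used in the usage comments are sample values, not a claim about other Apple builds.

```shell
#!/bin/sh
# Added example (not from the thread): classify a macOS product version and
# build string as patched/unpatched for Security Update 2017-001.
# Assumption: the only patched High Sierra builds are the two named in the
# thread, 17B1002 (initial release) and 17B1003 (re-release).

# version_ge_10_13 VERSION
# Returns 0 when VERSION (e.g. "10.13.1") is 10.13 or later, mirroring the
# Smart Group criterion "Operating System Version greater than or equal 10.13".
version_ge_10_13() {
    major=${1%%.*}
    case "$1" in
        *.*) rest=${1#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;                  # bare "10" has no minor component
    esac
    [ "$major" -gt 10 ] 2>/dev/null && return 0
    [ "$major" -eq 10 ] 2>/dev/null && [ "$minor" -ge 13 ] 2>/dev/null
}

# patch_status BUILD VERSION
# Prints one of: patched | unpatched | not-high-sierra
# Mirrors the reverse Smart Group: >= 10.13 AND build not in the patched set.
patch_status() {
    build="$1"
    version="$2"
    version_ge_10_13 "$version" || { echo "not-high-sierra"; return 0; }
    case "$build" in
        17B1002|17B1003) echo "patched" ;;      # builds named in the thread
        *)               echo "unpatched" ;;    # any other High Sierra build
    esac
}

# Usage as a Jamf Extension Attribute: report this Mac's own status.
# Guarded so the functions can also be exercised on a non-macOS host.
if command -v sw_vers >/dev/null 2>&1; then
    echo "<result>$(patch_status "$(sw_vers -buildVersion)" "$(sw_vers -productVersion)")</result>"
fi
# Sample results (constructed inputs):
#   patch_status 17B1002 10.13.1  -> patched
#   patch_status 17B48   10.13.1  -> unpatched
#   patch_status 16G29   10.12.6  -> not-high-sierra
```

Once the attribute populates, a Smart Group on "patched" / "unpatched" gives the same split as the build-number criteria, with the advantage that the patched set lives in one place: when Apple ships a later 10.13 build that already includes the fix, add it to the `case` list rather than rebuilding the criteria.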