
Computing and Information Services

CIS News

Mac OS X 10.13 (High Sierra) Vulnerability - Updated

(29 November 2017)

The vulnerability effectively allows someone with access to the machine to log in and gain administration rights through the root user account. This could result in machines no longer working (through deletion of certain system files), confidential data being viewed, data being deleted, or malware being installed. If remote access to your Mac is enabled, the vulnerability can be exploited remotely, without physical access to the device.

Apple have released a security patch which will fully resolve the issue.

The instructions to address this vulnerability are as follows:

1. Check the Version of Mac OS X Installed

Open the Apple Menu and select About This Mac

You will be presented with a new Window which displays the current version of Mac OS X you are using.

If the version of OS X shown IS NOT High Sierra then you are not exposed to this specific vulnerability and no further action is required. NOTE: It is highly recommended you do not update your OS X to High Sierra until an official Apple statement is released that the vulnerability has been fixed.

If the version of OS X IS High Sierra then the issue is present and will need resolving using the following instructions.

2. Install the Security Patch

Open the Apple Menu and select App Store...

On the App Store Window select Updates (make sure the device has an Internet connection). A security update will appear in the Window. Select the Update option to install the patch.

Once the patch is installed, the device will no longer have the security vulnerability. If the Root account was enabled as detailed in the instructions released pre-patch, the account will now be disabled, which is the default setting.
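For administrators checking several Macs, steps 1 and 2 can also be done from Terminal. The script below is an added example, not part of the original advisory: it uses the standard `sw_vers` and `softwareupdate` tools, the function names are hypothetical, and it assumes that an empty update list on High Sierra means the security patch is already installed.

```shell
#!/bin/sh
# Added example: Terminal equivalent of steps 1 and 2 (function names are hypothetical).

# Step 1: classify a product version string such as "10.13.1".
classify_macos_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown ;;      # empty or malformed
        10.13|10.13.*)           echo high-sierra ;;  # any High Sierra release
        *)                       echo not-high-sierra ;;
    esac
}

# Step 2: combine the version with the text printed by `softwareupdate -l`.
# Assumption: an empty update list means the security patch is already installed.
triage() {
    case "$(classify_macos_version "$1")" in
        not-high-sierra) echo "ok: not High Sierra, no action required" ;;
        unknown)         echo "check: cannot parse version '$1'" ;;
        high-sierra)
            case "$2" in
                '') echo "check: no update listing, is the Mac online?" ;;
                *"No new software available"*)
                    echo "ok: High Sierra, no updates pending" ;;
                *)  echo "action: High Sierra, install the pending updates" ;;
            esac ;;
    esac
}

# Run against this Mac only when called with --local on a machine that has sw_vers.
if [ "${1:-}" = "--local" ] && command -v sw_vers >/dev/null 2>&1; then
    version=$(sw_vers -productVersion)
    if listing=$(softwareupdate -l 2>&1); then
        triage "$version" "$listing"
    else
        triage "$version" ""   # listing failed, e.g. no Internet connection
    fi
fi
```

Save it to a file and run it with `--local` on the Mac being checked; an `action:` verdict means the updates shown in the App Store still need installing.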