OS X 10.13 (High Sierra) Security Threat
Posted: Fri Dec 01, 2017 6:16 pm
OS X 10.13 (High Sierra Security Threat!
There is a vulnerability that allows access to your OS X High Sierra computer using the root account and NO password, giving an attacker full permissions to your unpatched computer Apple has pushed out a mandatory security patch, but if you have a notebook and have been away from an internet connection make sure your install the patch ASAP!
There are 2 ways to verify you have the patch installed.
1) From the App Store.
a. Lauch the App Store application.
b. Click Updates.
c. If the update has been installed you will see, "Security Update 2017-001", installed sometime after Nov 30 2017.
2) From the terminal.
a. Launch terminal.app from your Utilities folder
b. Type what /usr/libexec/opendirectoryd
c. If you have the update installed you will see the following returned.
>opendirectoryd-483.1.5 on macOS High Sierra 10.13
>opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
NOTE: If you had the root account enabled prior to the patch, you must re-enable the root account after the patch was installed.
Official Apple Documentation on this patch.
https://support.apple.com/en-us/HT208315
There is a vulnerability that allows access to your OS X High Sierra computer using the root account and NO password, giving an attacker full permissions to your unpatched computer Apple has pushed out a mandatory security patch, but if you have a notebook and have been away from an internet connection make sure your install the patch ASAP!
There are 2 ways to verify you have the patch installed.
1) From the App Store.
a. Lauch the App Store application.
b. Click Updates.
c. If the update has been installed you will see, "Security Update 2017-001", installed sometime after Nov 30 2017.
2) From the terminal.
a. Launch terminal.app from your Utilities folder
b. Type what /usr/libexec/opendirectoryd
c. If you have the update installed you will see the following returned.
>opendirectoryd-483.1.5 on macOS High Sierra 10.13
>opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
NOTE: If you had the root account enabled prior to the patch, you must re-enable the root account after the patch was installed.
Official Apple Documentation on this patch.
https://support.apple.com/en-us/HT208315