Apple security update

Number: AV17-178
Date: 29 November 2017

Purpose

The purpose of this advisory is to bring attention to an Apple system security update for macOS High Sierra.

Assessment

A flaw in macOS High Sierra allows a user to log in to the root account of a computer that uses this operating system. A user may be able to bypass administrator authentication AuthenticationA process or measure used to verify a users identity. without supplying the administrator’s password.

Apple has released the following support article:

  • macOS High Sierra 10.13.1
  • Not impacted versions: macOS Sierra 10.12.6 and earlier

This update addresses vulnerabilities on the system listed above.

CVE Reference: CVE-2017-13872

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://support.apple.com/en-ca/HT208315

Date modified: