Number: AV17-178
Date: 29 November 2017
Purpose
The purpose of this advisory is to bring attention to an Apple system security update for macOS High Sierra.
Assessment
A flaw in macOS High Sierra allows a user to log in to the root account of a computer that uses this operating system. A user may be able to bypass administrator authentication without supplying the administrator’s password.
Apple has released the following support article:
- macOS High Sierra 10.13.1
- Not impacted versions: macOS Sierra 10.12.6 and earlier
This update addresses vulnerabilities on the system listed above.
CVE Reference: CVE-2017-13872
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.