MAC OS X 10.13 and Greater Vulnerability

Posted in Announcements

On November 28th a software developer publicly reported a security vulnerability on Mac operating systems, High Sierra 10.13 or greater. This vulnerability allows anyone to login to a Mac device and change administrative settings by typing in the username “root” with no password.

Systems at Risk

Currently, this vulnerability is only detected in users with a Mac operating system that has been upgraded to High Sierra 10.13 or greater;
Systems with local console access, such as shared usage computers in teaching or lab environments, where users of shared computers are not privileged with root access;
Systems with Apple Remote Desktop (ARD) enabled

Apple has released the following security update:

Service Management is working to test and apply the patch. No action is needed by end users for UIS Managed Systems.

Recommended Actions for students and personal machines

High Sierra 10.13 or greater users: Visit Apple Support to install the security update
If you need assistance with the security update, please call the Help Desk at 202-687-4949 or visit the walk up Service Desk in the Bookstore.

More Information

https://www.macrumors.com/how-to/temporarily-fix-macos-high-sierra-root-bug/

https://www.theverge.com/2017/11/28/16711782/apple-macos-high-sierra-critical-password-security-flaw

http://www.pocket-lint.com/news/142980-macos-high-sierra-root-bug-allows-admin-access-without-a-password-who-is-affected-and-is-there-a-fix http://uk.businessinsider.com/macos-high-sierra-can-be-hacked-with-username-root-and-no-password-2017-11

Cyber Alert: Update your Mozilla Firefox browser

September 11th, 2019

Phishing Email Alert _ Do Not Respond

July 19th, 2019

Public Service Notice – Zoom Security Flaw

July 11th, 2019

UISO Cyber Security Newsletter

May 7th, 2019