A critical vulnerability has been discovered in macOS High Sierra (10.13.x). This vulnerability allows an individual to locally log in as “root” if the root account has not been enabled and configured with a password.

 

Apple has issued a Security Update to remediate this vulnerability https://support.apple.com/en-us/HT208315. If your Mac is enrolled in Jamf Pro, our Apple Endpoint Management Tool, ITS has already patched your computer. If your Mac is not enrolled in Jamf Pro, or if you have a Mac at home running High Sierra, please run Apple Updates as soon as possible. If you need assistance or have questions about this security update contact your IT administrator or the Computer Help Center (402) 472-3970 or toll-free (866) 472-3970, [log in to unmask].

 

Additional information about this issue can be found at https://9to5mac.com/2017/11/29/macos-root-fix/.

 

 

Cheryl O’Dell, CISSP, GCFE

Security Awareness & Incident Response Manager

Office of Cyber Security|ITS|

501 127H, 68588-0203

University of Nebraska |nebraska.edu

402-472-7851 (o)

 

Phil Redfern

Endpoint Management Coordinator

University of Nebraska

Information Technology Services

(402) 472-7959

[log in to unmask]

Schedule a meeting with me