A critical vulnerability has been discovered in macOS High Sierra (10.13.x). This vulnerability allows an individual to locally log in as “root” if the root account has not been enabled and configured with a password.
Apple has issued a Security Update to remediate this vulnerability https://support.apple.com/en-us/HT208315. If your Mac is enrolled in Jamf Pro, our Apple Endpoint Management Tool, ITS has already patched your computer. If your Mac is not enrolled in Jamf Pro, or if you have a Mac at home running High Sierra, please run Apple Updates as soon as possible. If you need assistance or have questions about this security update contact your IT administrator or the Computer Help Center (402) 472-3970 or toll-free (866) 472-3970, [log in to unmask].
Additional information about this issue can be found at https://9to5mac.com/2017/11/29/macos-root-fix/.
Cheryl O’Dell, CISSP, GCFE
Security Awareness & Incident Response Manager
Office of Cyber Security|ITS|
501 127H, 68588-0203
University of Nebraska |nebraska.edu
402-472-7851 (o)
Phil Redfern
Endpoint Management Coordinator
University of Nebraska
Information Technology Services
(402) 472-7959