Mac OSX High Sierra Vulnerability Test & Patch Instructions
Update: An official patch from Apple has at this time been released. See details here – https://support.apple.com/en-us/HT208315.
Vulnerability Overview
A new Mac OSX vulnerability that impacts OSX High Sierra was released yesterday. The bug allows for the ability to login as root on any 10.13.1 computer.
Ryan O’Connor, Hurricane Labs Splunk & Security Consultant, along with TJ (Management Information Systems major at the UConn School of Business) took note of the vulnerability and were surprised that there was no immediate patch for it (as of 9:36AM today).
They decided to do a live demo to show what they were looking at, as well as tips on how to patch this bug.
Live Test and Patch Demo
During the demo, Ryan and TJ go through multiple tests. They looked at what can be done to patch as well as how to test that patch.
Patch, patch, patch!
Those who have not changed their root passwords are currently open to this vulnerability. After this live demo of the new Mac OSX vulnerability, we hope you’re all out there right now changing your root passwords or installing the newly announced patch.
Any questions/comments/concerns please reach out to us on Twitter (@hurricanelabs).
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.
