MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2017

MA-689.122017: MyCERT Advisory – Apple MacOS Sierra Vulnerability
Date first published: 01/12/2017



1.0 Introduction
Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13. The flaw can allow a local or remote user of a MacOS High Sierra system to obtain root privileges without requiring credentials.


2.0 Impact
A local or remote user of a MacOS High Sierra system can obtain root privileges without requiring credentials and could exploit this vulnerability to take control of an affected system. Any system that has the root account enabled (e.g. via testing for this vulnerability) may also expose the root account for use with remote administrative capabilities, such as the built-in "Screen Sharing" or "Remote Management" capabilities.


3.0 Affected Product
•    macOS High Sierra 10.13.1


4.0 Recommendation    
MyCERT advise users to always lock their computers, enable strong passwords following password management best practices for their accounts and never leave their computers unattended.

MyCERT highly recommended users and administrators to review and adhere with the information provided at the below URL and apply the necessary update.
•    http://www.kb.cert.org/vuls/id/113765
•    https://support.apple.com/en-us/HT208315

Please refer to the workaround below if you encounter the problem with installing the security updates by Apple.

1.    As a user with administrative privileges, launch Terminal
2.    Type sudo passwd -u root
3.    Enter a strong password

For more details on password settings, please refer to the information
provided at the URL below.
•    https://support.apple.com/en-us/HT204012
•    https://9to5mac.com/2017/11/28/how-to-set-root-password/

Generally, MyCERT advises the users of this product to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.


For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999@cybersecurity.my or mycert@mycert.org.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Handphone: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Web: http://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Android Users
 

5.0 References
•    https://www.us-cert.gov/ncas/current-activity/2017/11/29/Apple-Releases-Security-Update-macOS-High-Sierra
•    http://www.kb.cert.org/vuls/id/113765
•    https://www.jpcert.or.jp/english/at/2017/at170045.html
•    https://support.apple.com/en-us/HT204012
•    https://9to5mac.com/2017/11/28/how-to-set-root-password/