Apple have just released a patch which will be automatically installed on systems running the latest macOS 10.13 version of the High Sierra operating system. If you are not running this version on your Mac, you should upgrade to it and ensure that the security patch is applied.

The bug, assigned the CVE ID CVE-2017-13872, gives anyone with physical access to a computer running the latest version of the operating system admin access simply by putting “root” in the user name field. The patch corrects it. According to Apple, the bug only affects macOS Sierra 10.13.1, and does not affect macOS Sierra 10.12.6 or earlier.

Unusually, the bug was announced by a developer, Lemi Orhan Ergin, who publicised the flaw on Twitter rather than taking the usual step of first advising the software manufacturer (in this case Apple), which would have allowed them to release a patch before the flaw was announced to the world. As a result, the flaw was available to malicious users before the patch could be released.

References:

Apple Security Update – https://support.apple.com/en-us/HT208315

National Vulnerability Database (NIST, USA) – https://nvd.nist.gov/vuln/search/

Stay safe, Terry Griffin