Returning to campus: Information, updates and vaccination requirements. Learn more.

MacOS Authentication Bypass on High Sierra 10.13

Threat Level: High
Threat Type: Authentication Bypass - Remote Access
Advisory Date: 07/04/2019

Description

A security flaw has been detected in Mac operating systems, High Sierra 10.13 or greater.  This vulnerability allows anyone to login to a Mac device and change administrative settings by typing in the username “root” with no password more details can be found in the links provided.

Systems at Risk: Currently, this vulnerability is only detected in users with a Mac operating system that has been upgraded to High Sierra 10.13 or greater.

Systems Not at Risk: Mac operating systems that are prior to 10.13

Impact

This alert is deemed high risk, due to the high impact:

  • Systems running Apple Remote Desktop (ARD) can be logged into remotely with a root account, no password.
  • Systems running Apple Screen Sharing can be logged into remotely with a root account, no password.
  • Systems with local console access, such as shared usage computers in teaching or lab environments, can be logged into locally with a root account, no password.
  • There are likely other services impacted on vulnerable systems
  • Vulnerable systems running SSH as a service are not affected by this issue, due to other controls in macOS

Resolution

Machines running 10.13 should immediately be upgraded to 10.13.1 and have Apple Security Update 2017-001 installed: https://support.apple.com/en-ca/HT208315

If a machine running 10.13 cannot be upgraded, then the root account must be enabled, and a complex password set on it: https://www.macrumors.com/how-to/temporarily-fix-macos-high-sierra-root-bug

No action is required for machines running macOS 10.12.6 or earlier.  When/if they are upgraded to macOS High Sierra, they should automatically receive 10.13.1 and the security patch

Resources

Please see patches and updates resources page. 

Please contact the IT Support Centre if you require assistance:

In person at ED 137 or Archer Library Main Floor Commons

Phone 306-585-4685
Email IT.Support@uregina.ca
Webform https://www.uregina.ca/is/forms/ticket.html
In person at ED 137 or Archer Library Main Floor Commons