UPDATE: macOS High Sierra 10.13.1 root login bug CVE-2017-13872
Log In or Register to download the BES file, and more.

0 Votes


Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.

Property Details

StatusQA - Ready for Production Level Testing
TitleUPDATE: macOS High Sierra 10.13.1 root login bug CVE-2017-13872
Source SeverityCritical
Source Release Date11/29/2017 5:55:26 PM
Keywordsmacos 10.13.1 root bug login
Added by on 11/29/2017 5:55:26 PM
Last Modified by on 11/29/2017 5:55:26 PM
Counters 496 Views / 1 Download
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.



Action 1

Action Link Click here  to initiate the deployment process through the Apple Software Update tool.
Script Type application/x-sh

softwareupdate -l
softwareupdate -i 'Security Update 2017-001- '
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here  to view more information from Apple on this update.
Script Type URL


Social Media:
Share this page on Yammer


Log In or Register to leave comments!
tasaif -
Note this is a variation on a fixlet we used that has no logging This version is untested but should work