UPDATE: macOS High Sierra 10.13.1 root login bug CVE-2017-13872
Log In or Register to download the BES file, and more.

0 Votes

Description

Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872

Property Details

ID24859
StatusQA - Ready for Production Level Testing
TitleUPDATE: macOS High Sierra 10.13.1 root login bug CVE-2017-13872
DomainBESC
CategoryPatch
SourceLBNL
Source SeverityCritical
Source Release Date11/29/2017 5:55:26 PM
CVENamesCVE-2017-13872
Keywordsmacos 10.13.1 root bug login
Added by on 11/29/2017 5:55:26 PM
Last Modified by on 11/29/2017 5:55:26 PM
Counters 179 Views / 1 Download
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance


Actions

Action 1

Action Link Click here  to initiate the deployment process through the Apple Software Update tool.
Script Type application/x-sh
#!/bin/bash

softwareupdate -l
softwareupdate -i 'Security Update 2017-001- '
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here  to view more information from Apple on this update.
Script Type URL
https://support.apple.com/en-us/HT208315
    

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
tasaif -
Note this is a variation on a fixlet we used that has no logging This version is untested but should work