
====================================================================

                              CERT-Renater

                 Information Note No. 2017/VULN370
_____________________________________________________________________

DATE                : 30/11/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): macOS versions 10.12.6 and later prior to 10.13.1.

=====================================================================
https://lists.apple.com/archives/security-announce/2017/Nov/msg00001.html
_____________________________________________________________________

APPLE-SA-2017-11-29-2 Security Update 2017-001

Security Update 2017-001 is now available and addresses the
following:

Directory Utility

Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier

Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password

Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.

CVE-2017-13872
Entry updated November 29, 2017

To confirm that your Mac has Security Update 2017-001:
1. Open the Terminal app, which is in the Utilities folder of your
Applications folder.
2. Type "what /usr/libexec/opendirectoryd" and press Return.
3. If Security Update 2017-001 was installed successfully, you will
see one of these project version numbers:
opendirectoryd-483.1.5 on macOS High Sierra 10.13
opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
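
The three-step check above can be scripted when several Macs have to be verified. The script below is an added example, not part of the Apple or CERT-Renater text; the function names and the layout of the sample `what` output are assumptions, and only the two project version strings come from the advisory.

```shell
#!/bin/sh
# Added example: automates the advisory's manual check. Function names are
# hypothetical; the two version strings are the ones listed in the advisory.

# Map a macOS version to the project version the advisory lists for it.
expected_project() {
    case "$1" in
        10.13)   echo "opendirectoryd-483.1.5" ;;
        10.13.1) echo "opendirectoryd-483.20.7" ;;
        *)       return 1 ;;   # advisory lists no value for this release
    esac
}

# Read `what` output on stdin, print the first opendirectoryd-<version> token.
extract_project() {
    grep -Eo 'opendirectoryd-[0-9]+(\.[0-9]+)*' | head -n 1
}

# check_update OS_VERSION WHAT_OUTPUT
# Prints confirmed / not-confirmed / not-covered; exit status 0 / 1 / 2.
check_update() {
    want=$(expected_project "$1") || { echo "not-covered"; return 2; }
    got=$(printf '%s\n' "$2" | extract_project) || true
    # Exact comparison, so 483.1.50 is not mistaken for 483.1.5.
    if [ "$got" = "$want" ]; then
        echo "confirmed"
        return 0
    fi
    echo "not-confirmed"
    return 1
}

# Constructed sample of `what` output (layout assumed, not captured from a Mac).
SAMPLE_WHAT='/usr/libexec/opendirectoryd
    PROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.1.5'

# On a Mac, run the real check; elsewhere, fall back to the sample.
if command -v sw_vers >/dev/null 2>&1 && command -v what >/dev/null 2>&1; then
    os=$(sw_vers -productVersion)
    out=$(what /usr/libexec/opendirectoryd 2>/dev/null) || true
    echo "macOS $os: $(check_update "$os" "$out")"
else
    echo "sample: $(check_update 10.13 "$SAMPLE_WHAT")"
fi
```

A result of not-confirmed means only that the string listed for that release was not seen; not-covered means the advisory gives no project version for that release.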

If you require the root user account on your Mac, see
https://support.apple.com/HT204012 for information on how to
re-enable the root user and change the root user's password.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================





