
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Apple Releases Patch to Fix Serious MacOS High Sierra Vulnerability

Earlier this week, Apple discovered an embarrassing flaw in MacOS High Sierra that allows anyone with access to the device, and potentially remote users, to gain access as a root user without a password. The flaw only affects devices running High Sierra version 10.13.1. MacOS Sierra 10.12.6 and earlier versions are unaffected.

The High Sierra vulnerability was discovered by a Turkish software developer, Lemi Orhan Ergin, who disclosed the flaw on Twitter in a Tweet to @AppleSupport. Ergin discovered that it was possible to log in to a Mac running the latest High Sierra version of the operating system with the user name ‘root’ without the need for a password. Simply entering root as the username and clicking login several times allowed an unauthenticated user to log in using the root account.

Within 24 hours of the tweet being sent, Apple issued a patch to fix the High Sierra vulnerability, which is available via the App Store app. The vulnerability, which is tracked as CVE-2017-13872, is a logic error in the validation of credentials.

While the flaw could be exploited by a local user, remote exploitation is also possible if the device has been infected with malware. If screen sharing is enabled, a remote user that has already gained access to the network could potentially exploit the flaw and gain root privileges.


Apple has issued an apology to customers for the error. An Apple spokesperson said, “We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.” Apple has urged users to apply the patch – Security Update 2017-001 – as soon as possible.

Apple will be installing the patch automatically today. Users should check to make sure the patch has been applied, using the steps detailed below:

  1. Open the Terminal app, which is in the Utilities folder of your Applications folder.
  2. Type: what /usr/libexec/opendirectoryd and press Return.
  3. If Security Update 2017-001 was installed successfully, you will see one of these project version numbers:
    opendirectoryd-483.1.5 on macOS High Sierra 10.13
    opendirectoryd-483.20.7 on macOS High Sierra 10.13.1
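
The same check can be scripted when more than one Mac has to be verified. This is an added example, not code from Apple or the original article; the function names and the layout of the sample `what` output are assumptions, and only the two project version numbers listed above are treated as patched.

```shell
#!/bin/sh
# Added example: classify a Mac from its macOS version and the output of
# `what /usr/libexec/opendirectoryd`, using only the version numbers listed above.

# expected_project OS_VERSION -> prints the patched project version, or nothing
expected_project() {
    case "$1" in
        10.13)   echo "opendirectoryd-483.1.5" ;;
        10.13.1) echo "opendirectoryd-483.20.7" ;;
    esac
}

# extract_project WHAT_OUTPUT -> prints the first opendirectoryd-<version> token
extract_project() {
    printf '%s\n' "$1" | grep -Eo 'opendirectoryd-[0-9]+(\.[0-9]+)*' | head -n 1
}

# check_update OS_VERSION WHAT_OUTPUT
# Prints PATCHED, NOT_PATCHED or NOT_COVERED; returns 0 only for PATCHED.
check_update() {
    want=$(expected_project "$1")
    if [ -z "$want" ]; then
        echo "NOT_COVERED"   # OS version not in the list above; this check says nothing
        return 2
    fi
    have=$(extract_project "$2")
    if [ "$have" = "$want" ]; then
        echo "PATCHED"
        return 0
    fi
    echo "NOT_PATCHED"       # different version, or no version string found
    return 1
}

# Constructed sample of `what` output (layout assumed; only the project token matters).
SAMPLE_PATCHED='/usr/libexec/opendirectoryd
	 PROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.20.7'

# On a Mac, use live values; anywhere else, run against the constructed sample.
if command -v sw_vers >/dev/null 2>&1 && command -v what >/dev/null 2>&1; then
    check_update "$(sw_vers -productVersion)" "$(what /usr/libexec/opendirectoryd)"
else
    check_update "10.13.1" "$SAMPLE_PATCHED"
fi
```

A NOT_PATCHED result means the project version did not match the one expected for that macOS version, so the machine should be checked by hand and the update applied through the App Store app.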

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
