Security Issue With macOS High Sierra

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Security Issue With macOS High Sierra

Thomas Rohde
Did we have this here already? I’ve been away for a few days …

https://twitter.com/lemiorhan/status/935578694541770752

> Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

and then, replying to himself:

> You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..]

At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.


Regards, Tom


--
Thomas Rohde
Wiesenkamp 12, 29646 Bispingen, GERMANY
------------------------------
[hidden email]


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Kim Gammelgaard
I think it will be fixed in 10.13.2. It seems not to be a problem in the betas. 

Best regards

Kim

Den 28. nov. 2017 kl. 22.08 skrev Thomas Rohde <[hidden email]>:

Did we have this here already? I’ve been away for a few days …

https://twitter.com/lemiorhan/status/935578694541770752

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

and then, replying to himself:

You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..] 

At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.


Regards, Tom




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Kim Gammelgaard
Oops, I was too fast. It seems not to be fixed yet. 

Best regards

Kim

Den 28. nov. 2017 kl. 22.25 skrev Kim Gammelgaard <[hidden email]>:

I think it will be fixed in 10.13.2. It seems not to be a problem in the betas. 

Best regards

Kim

Den 28. nov. 2017 kl. 22.08 skrev Thomas Rohde <[hidden email]>:

Did we have this here already? I’ve been away for a few days …

https://twitter.com/lemiorhan/status/935578694541770752

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

and then, replying to himself:

You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..] 

At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.


Regards, Tom



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Paul Schinder


> On Nov 28, 2017, at 4:27 PM, Kim Gammelgaard <[hidden email]> wrote:
>
> Oops, I was too fast. It seems not to be fixed yet.

Doesn’t work for me.  I tried to login as “root” using System Preferences>Users & Groups and got the shaking window refusing access.  10.13.1, 2014 MacBook Pro retina, running on / on an APFS filesystem.  I tried “su root” and “login root” from the command line and failed as well.  I don’t think I ever enabled root on this machine since sudo is set up and allows me the same access when I need it.  root’s password is “*” in /etc/passwd and /etc/master.passwd, but I don’t know if either is used any more, anyway.

>
> Best regards
>
> Kim
>
>> Den 28. nov. 2017 kl. 22.25 skrev Kim Gammelgaard <[hidden email]>:
>>
>> I think it will be fixed in 10.13.2. It seems not to be a problem in the betas.
>>
>> Best regards
>>
>> Kim
>>
>>> Den 28. nov. 2017 kl. 22.08 skrev Thomas Rohde <[hidden email]>:
>>>
>>> Did we have this here already? I’ve been away for a few days …
>>>
>>> https://twitter.com/lemiorhan/status/935578694541770752
>>>
>>>> Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
>>>
>>> and then, replying to himself:
>>>
>>>> You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..]
>>>
>>> At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.
>>>
>>>
>>> Regards, Tom
>

--
Paul Schinder
[hidden email]





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Alan Forkosh
In reply to this post by Thomas Rohde
macRumors has a temporary fix: 
Enable Root and supply it with a password.
 
Details on doing that are at https://www.macrumors.com/how-to/temporarily-fix-macos-high-sierra-root-bug/

Alan Forkosh                    Oakland, CA
[hidden email]
http://al4kosh.com



On Nov 28, 2017, at 1:08 PM, Thomas Rohde <[hidden email]> wrote:

Did we have this here already? I’ve been away for a few days …

https://twitter.com/lemiorhan/status/935578694541770752

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

and then, replying to himself:

You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..]

At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.


Regards, Tom






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Nicholas Miller
In reply to this post by Kim Gammelgaard
I tried it and it worked for me.  Should I be changing the root password, or would that cause other problems?

Nick

On Nov 28, 2017, at 4:25 PM, Kim Gammelgaard <[hidden email]> wrote:

I think it will be fixed in 10.13.2. It seems not to be a problem in the betas. 

Best regards

Kim

Den 28. nov. 2017 kl. 22.08 skrev Thomas Rohde <[hidden email]>:

Did we have this here already? I’ve been away for a few days …

https://twitter.com/lemiorhan/status/935578694541770752

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

and then, replying to himself:

You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..] 

At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.


Regards, Tom



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Al Varnell
There are still multiple discussions going on, even at this hour about what needs to be done. Most of the recommendations that have been given so far are to give root a complex password and then disable root, but a few IT's have already found ways to get around this. Others have suggested a way to disable the root user, but I doubt that's been fully tested either.

My best advise at the moment is to not leave your Mac unlocked. As long as you don't see "root" listed as a user when you get the login screen, don't have any Remote accesses enabled in System Preferences->Sharing or apps like TeamViewer installed, and screen-lock your computer when you are away from it, there doesn't seem to be any way to take advantage of this vulnerability.

If anybody comes up with something more fool-proof, I'll let you know.

-Al-

On Tue, Nov 28, 2017 at 05:31 PM, Nicholas Miller wrote:
I tried it and it worked for me.  Should I be changing the root password, or would that cause other problems?

Nick

On Nov 28, 2017, at 4:25 PM, Kim Gammelgaard <[hidden email]> wrote:

I think it will be fixed in 10.13.2. It seems not to be a problem in the betas. 

Best regards

Kim

Den 28. nov. 2017 kl. 22.08 skrev Thomas Rohde <[hidden email]>:

Did we have this here already? I’ve been away for a few days …

https://twitter.com/lemiorhan/status/935578694541770752

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

and then, replying to himself:

You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..] 

At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.


Regards, Tom



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Al Varnell
Here's the statement given to iMore with instructions:

"We are working on a software update to address this issue," an Apple spokesperson told iMore. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: <https://support.apple.com/en-us/HT204012>. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."

-Al-

On Tue, Nov 28, 2017 at 11:32 PM, Al Varnell wrote:
There are still multiple discussions going on, even at this hour about what needs to be done. Most of the recommendations that have been given so far are to give root a complex password and then disable root, but a few IT's have already found ways to get around this. Others have suggested a way to disable the root user, but I doubt that's been fully tested either.

My best advise at the moment is to not leave your Mac unlocked. As long as you don't see "root" listed as a user when you get the login screen, don't have any Remote accesses enabled in System Preferences->Sharing or apps like TeamViewer installed, and screen-lock your computer when you are away from it, there doesn't seem to be any way to take advantage of this vulnerability.

If anybody comes up with something more fool-proof, I'll let you know.

-Al-

On Tue, Nov 28, 2017 at 05:31 PM, Nicholas Miller wrote:
I tried it and it worked for me.  Should I be changing the root password, or would that cause other problems?

Nick

On Nov 28, 2017, at 4:25 PM, Kim Gammelgaard <[hidden email]> wrote:

I think it will be fixed in 10.13.2. It seems not to be a problem in the betas. 

Best regards

Kim

Den 28. nov. 2017 kl. 22.08 skrev Thomas Rohde <[hidden email]>:

Did we have this here already? I’ve been away for a few days …

https://twitter.com/lemiorhan/status/935578694541770752

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

and then, replying to himself:

You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. [..] 

At least Apple Support (‏Verified account @AppleSupport) has replied in that thread.


Regards, Tom


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

-Al-
-- 
Al Varnell
Mountain View, CA







____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Papa Gordie
In reply to this post by Paul Schinder
On Nov 28 2017 at 14:39:33 Paul Schinder <[hidden email]> wrote:

> Doesn’t work for me.  I tried to login as “root”

Did you try using an upper case “R?” I believe it needs to be Root as opposed to root. At least it does on my machines.

Gord


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Randy B. Singer
In reply to this post by Alan Forkosh

On Nov 28, 2017, at 3:10 PM, Alan Forkosh wrote:

> macRumors has a temporary fix:

Apple has already released a patch:

https://support.apple.com/en-us/HT208315

"When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002."

___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Paul Schinder
In reply to this post by Papa Gordie


> On Nov 29, 2017, at 11:23 AM, Papa Gordie <[hidden email]> wrote:
>
> On Nov 28 2017 at 14:39:33 Paul Schinder <[hidden email]> wrote:
>
>> Doesn’t work for me.  I tried to login as “root”
>
> Did you try using an upper case “R?” I believe it needs to be Root as opposed to root. At least it does on my machines.
>

No, I was using root, which is the username for the Unix superuser.  But I spoke too soon.  I tried again afterwards and you just have to keep trying.  It unlocked after a few more tries than I had first done.  Anyway, it’s fixed now.

--
Paul Schinder
[hidden email]





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Jerome King-2
               
Apple said no Restart is required

However, for me with 2013 iMac, when I switched to a different User Account (I have about 8) the account acted as if it had been a major revision/ restart and asked me for the Apple ID for that account.
        so, I infer, that a restart is almost required

Jerry


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

T.Tobius
In reply to this post by Thomas Rohde

On Wed, 29 Nov 2017 11:21:21 -0800
From: "Randy B. Singer" <[hidden email]>

Apple has already released a patch:

https://support.apple.com/en-us/HT208315

"When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002.”

Looks like the fix had a bug.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Tallitsch, Robert
Adam

Below you make the following statement: If you installed Security Update 2017-001 yesterday, and your build number is 17B1002, Software Update should offer you the update again; install it manually to fix the file sharing bug and move to build 17B1003.

My Mac Pro only has the software update build # 17B1002. When I hit “software update” on the “About this Mac” finder option I was told that my software was up-to-date and no updates were available. In addition I can’t seem to find the download page for this security update (build number 17B1003).

Suggestions?

Bob

On Nov, 30 2017, , at 14:27, [hidden email] wrote:


On Wed, 29 Nov 2017 11:21:21 -0800
From: "Randy B. Singer" <[hidden email]>

Apple has already released a patch:

https://support.apple.com/en-us/HT208315

"When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002.”

Looks like the fix had a bug.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




Robert B. Tallitsch, Ph. D.  l  Professor of Biology  l  Augustana College
639 38th Street  l  Rock Island, IL 61201  l  (309) 794-3441
web page: http:www.augustana.edu/users/bitallitsch


I am a teacher. A teacher is someone who leads. 
There is no magic here. 
I do not walk on water, I do not part the sea. 
I just love my students.   
(adapted from Marva Collins)
************************************************************
Teaching is the playful search and discovery with others for 
the potential in each of them—and in me. 
(Louis Schmier)
************************************************************ 
The task of the excellent teacher is to stimulate apparently
ordinary people to unusual effort. The tough part is not in
identifying winners; it is in making winners out of ordinary people. 
************************************************************ 








____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

adamengst
Administrator
Below you make the following statement: If you installed Security Update 2017-001 yesterday, and your build number is 17B1002, Software Update should offer you the update again; install it manually to fix the file sharing bug and move to build 17B1003.

My Mac Pro only has the software update build # 17B1002. When I hit “software update” on the “About this Mac” finder option I was told that my software was up-to-date and no updates were available. In addition I can’t seem to find the download page for this security update (build number 17B1003).

I can’t explain that — perhaps restart? I can say that if you’re not having troubles with file sharing, I doubt there’s any harm in just sticking with 17B1002.

cheers... -Adam




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Jerome King-2
My experience was to go to the App Store link in the Apple menu. Then I clicked on the Upgrades tab. 
That brought up the new update that loaded 

jerry

On Nov 30, 2017, at 4:53 PM, Adam Engst <[hidden email]> wrote:

Below you make the following statement: If you installed Security Update 2017-001 yesterday, and your build number is 17B1002, Software Update should offer you the update again; install it manually to fix the file sharing bug and move to build 17B1003.

My Mac Pro only has the software update build # 17B1002. When I hit “software update” on the “About this Mac” finder option I was told that my software was up-to-date and no updates were available. In addition I can’t seem to find the download page for this security update (build number 17B1003).

I can’t explain that — perhaps restart? I can say that if you’re not having troubles with file sharing, I doubt there’s any harm in just sticking with 17B1002.

cheers... -Adam



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Tallitsch, Robert
In reply to this post by adamengst
I did restart after the update. I don’t do file sharing so I will stick with this and (possible) the app store will tell me when there is another update.

Thanks - as always

Bob

On Nov, 30 2017, , at 15:53, Adam Engst <[hidden email]> wrote:

Below you make the following statement: If you installed Security Update 2017-001 yesterday, and your build number is 17B1002, Software Update should offer you the update again; install it manually to fix the file sharing bug and move to build 17B1003.

My Mac Pro only has the software update build # 17B1002. When I hit “software update” on the “About this Mac” finder option I was told that my software was up-to-date and no updates were available. In addition I can’t seem to find the download page for this security update (build number 17B1003).

I can’t explain that — perhaps restart? I can say that if you’re not having troubles with file sharing, I doubt there’s any harm in just sticking with 17B1002.

cheers... -Adam



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




Robert B. Tallitsch, Ph. D.  l  Professor of Biology  l  Augustana College
639 38th Street  l  Rock Island, IL 61201  l  (309) 794-3441
web page: http:www.augustana.edu/users/bitallitsch


I am a teacher. A teacher is someone who leads. 
There is no magic here. 
I do not walk on water, I do not part the sea. 
I just love my students.   
(adapted from Marva Collins)
************************************************************
Teaching is the playful search and discovery with others for 
the potential in each of them—and in me. 
(Louis Schmier)
************************************************************ 
The task of the excellent teacher is to stimulate apparently
ordinary people to unusual effort. The tough part is not in
identifying winners; it is in making winners out of ordinary people. 
************************************************************ 








____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Alan Forkosh
Here’s what the impatient did to restore file sharing before Apple added the fix (from http://daringfireball.com):

                • Open the Terminal app, which is in the Utilities folder of your Applications folder.
                • Type sudo /usr/libexec/configureLocalKDC and press Return.
                • [Enter your admin password when prompted and wait for next prompt]
                • Quit Terminal

Alan Forkosh                    Oakland, CA
[hidden email]
http://al4kosh.com



> On Nov 30, 2017, at 3:21 PM, Bob Tallitsch <[hidden email]> wrote:
>
> I did restart after the update. I don’t do file sharing so I will stick with this and (possible) the app store will tell me when there is another update.
>
> Thanks - as always
>
> Bob
>




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

James R Cutler
In reply to this post by adamengst
On Nov 30, 2017, at 4:53 PM, Adam Engst <[hidden email]> wrote:

Below you make the following statement: If you installed Security Update 2017-001 yesterday, and your build number is 17B1002, Software Update should offer you the update again; install it manually to fix the file sharing bug and move to build 17B1003.

My Mac Pro only has the software update build # 17B1002. When I hit “software update” on the “About this Mac” finder option I was told that my software was up-to-date and no updates were available. In addition I can’t seem to find the download page for this security update (build number 17B1003).

I can’t explain that — perhaps restart? I can say that if you’re not having troubles with file sharing, I doubt there’s any harm in just sticking with 17B1002.

cheers... -Adam


It is always a good idea to reboot a system after any important software changes. 

In this case, the amount of time reboots take after these security updates indicates the updates have serious effects.

Jim

James R. Cutler
PGP keys at http://pgp.mit.edu






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Security Issue With macOS High Sierra

Tallitsch, Robert
I always reboot after updates such as this - nothing has helped. That said, my laptop just notified me of a second security update; I assume my CPU will do the same tomorrow at the office.

Bob

On Thu, Nov 30, 2017 at 8:03 PM, James R Cutler <[hidden email]> wrote:
On Nov 30, 2017, at 4:53 PM, Adam Engst <[hidden email]> wrote:

Below you make the following statement: If you installed Security Update 2017-001 yesterday, and your build number is 17B1002, Software Update should offer you the update again; install it manually to fix the file sharing bug and move to build 17B1003.

My Mac Pro only has the software update build # 17B1002. When I hit “software update” on the “About this Mac” finder option I was told that my software was up-to-date and no updates were available. In addition I can’t seem to find the download page for this security update (build number 17B1003).

I can’t explain that — perhaps restart? I can say that if you’re not having troubles with file sharing, I doubt there’s any harm in just sticking with 17B1002.

cheers... -Adam


It is always a good idea to reboot a system after any important software changes. 

In this case, the amount of time reboots take after these security updates indicates the updates have serious effects.

Jim

James R. Cutler
PGP keys at http://pgp.mit.edu






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____



--

Robert B. Tallitsch, Ph. D.  l  Professor of Biology  l  Augustana College
639 38th Street  l  Rock Island, IL 61201  l  <a href="tel:%28309%29%20794-3441" value="+13097943441" style="color:rgb(17,85,204)" target="_blank">(309) 794-3441

I am a teacher. A teacher is someone who leads. 
There is no magic here. 
I do not walk on water, I do not part the sea. 
I just love my students.   
(adapted from Marva Collins)
************************************************************
Teaching is the playful search and discovery with others for 
the potential in each of them—and in me. 
(Louis Schmier)
************************************************************ 
The task of the excellent teacher is to stimulate apparently
ordinary people to unusual effort. The tough part is not in
 identifying winners; it is in making winners out of ordinary people. 
************************************************************



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
12