[SingCERT] Alert on Security Flaw Found in macOS High Sierra

Published on Thursday, 30 November 2017 15:53


Users who have updated to macOS High Sierra 10.13.1 should reapply Security Update 2017-001.

Updated on Monday, 4 December 2017 10:00 AM


macOS High Sierra is the latest release of the Mac operating system by Apple Inc. for its brand of computers.

On 28 November 2017, a software developer discovered a security bug in macOS High Sierra. This bug allows anyone with access to Mac computers to log into the “root” account without keying in a password.

Affected Software

macOS High Sierra (version 10.13.2 Beta or earlier).


The bug allows anyone to gain full administrative rights to an unattended Mac computer that is running macOS High Sierra. This vulnerability can also be exploited remotely if the screen-sharing feature on the Mac computer is enabled. This means that the unauthorised user or hacker can potentially access the content or install malware on the victim's Mac computer.


SingCERT recommends that users update their Mac computers with Security Update 2017-001, released by Apple on 30 November 2017. Members of the public are advised to lock their computers, set strong passwords for their accounts and not leave their computers unattended.