Regarding a newly-discovered Mac vulnerability

On the afternoon of November 28, 2017, information came to light concerning a newly-discovered security vulnerability affecting Apple’s newest computer operating system, macOS 10.13 (A.K.A “High Sierra”). This bug allowed anyone with physical access to a Mac computer — if running the latest operating system — to enjoy total control of that device, with access to all files, folders, user data, settings, and etc.

On the morning of November 29, Denison ITS staff identified which university-owned computers had the potential to be affected by this issue, and proactively deployed a fix. We have no reason to believe any Denison-owned equipment was compromised as a result of the vulnerability.

Apple has also now released an official software “patch” to address this problem, which we will be incorporating into future versions of our official software image.

To note:

  • This vulnerability is specific to macOS 10.13 (“High Sierra”) ONLY. It does not affect earlier versions of the Mac operating system.
  • As previously stated, ITS has patched all on-campus, university-owned devices to protect against this vulnerability. If you use a university-owned Apple computer at home (which you manually updated to macOS 10.13) — or own a personal computer running this operating system — we recommend that you download and install Apple’s official software patch which you will find in the App Store. Complete installation directions can be read here: https://support.apple.com/en-us/HT201541