11/29/17, 3:23 p.m. update:Apple is forcing automatic installation of the security update if you are running Mac OS High Sierra 10.13.1. The update will download and install automatically; you will be notified via an Apple Notifcation Center alert when it has been installed. If you are running other versions of High Sierra 10.13, you need to check the App Store for updates.

• Protect The Cheese Mac Os Catalina
• Protect The Cheese Mac Os X
• Protect The Cheese Mac Os Catalina

This message was sent to the IT Security Community, Frontline Notify, and Macsig groups via email on November 29, 2017. It is intended for U-M IT staff who are responsible for university Mac computers. It is also applicable to anyone with a personally owned Mac.

Summary

A security flaw has been detected in Mac OS High Sierra 10.13 or higher that could allow someone with physical or remote access to the computer to log in, change administrative settings, and gain full access to the computer simply by entering the username root with no password. If Apple Remote Desktop, SSH, or other remote access has been enabled, an attacker could gain remote access. Apple has just released an update to address the vulnerability.

1. Find the latest business news on Wall Street, jobs and the economy, the housing market, personal finance and money investments and much more on ABC News.
2. Oscypek (pronounced Os-tzipeck, Polish plural: oscypki), rarely Oszczypek, is a smoked cheese made of salted sheep milk exclusively in the Tatra Mountains region of Poland.Oscypek is made by an expert named 'baca', a term also denoting a sheep shepherd in the mountains. The cheese is a traditional holiday cheese.

Salad of mixed vegetables, pimiento cheese sandwiches, hot water gingerbread, banana, milk. Lunch/box lunch for factory workders (p. 848-9) Meat loaf sandwiches, spreading cheese and piccalilli sandwiches, celery, peaches, chocolate brownies, milk. OS X doesn’t protect your data from apps you download, so you’ll need to do that yourself. Apple does try to make sure you don’t install anything without thinking about it, and has tools to. May 07, 2018 A hearty thanks to all the communities and websites where Mac power users still exist: MacRumors, Netkas, XL8yourmac, TonyMacx86, EveryMac, Ars Technica, Reddit, and to The Mac Pro Upgrade group on FB (users Martin L, Jay V, Gianluca M, Jean-Paul R. John C, Brennan F, Peter K, Antonio A, Adam S and many others) and Mac Pro Users on FB, (Eric Z.) for providing feedback, the guys who do a lot of.

Affected Systems

• Macs running Mac OS High Sierra 10.13 or higher. Macs running earlier versions of Mac OS are not affected.

Action Items

For U-M units that manage their own Macs

• Do not upgrade to High Sierra 10.13 or above.
• For Macs that are running High Sierra 10.13 or above, apply the update from Apple as soon as possible after appropriate testing.
• If you cannot immediately apply the patch:
• Follow Apple's advice to set a strong root password for your managed Macs.
• If any type of remote access (for example, Apple Remote Desktop, SSH, and so on) has been enabled, disable it if possible.

For MiWorkspace-managed and Izzy-managed Macs

• The MiWorkspace team has already implemented Apple's recommendation for MiWorkspace Macs, as well as for those in units that subscribe to the a la carte Izzy Mac service, that are running High Sierra 10.13 or above via a silent update. MiWorkspace continues to recommend not updating to this OS.

For personally owned Macs

• Do not upgrade to High Sierra 10.13 or greater.
• If you have already upgraded to High Sierra 10.13 or greater, apply the update from Apple.
• If you have enabled any type of remote access (for example, Apple Remote Desktop, SSH, and so on), we recommend that you disable it if you aren't using it.

References

• Vulnerability Note VU#113765: Apple MacOS High Sierra root authentication bypass (CERT)
• There's a bug in Apple's most recent operating system (CNN, 11/28/17)
• Pro tip: You can log into macOS High Sierra as root with no password (The Register, 11/28/17)
• Here's How to Temporarily Fix the macOS High Sierra Bug That Gives Full Admin Access to Your Mac Sans Password (MacRumors, 11/28/17)
• Major Apple security flaw grants admin access on macOS High Sierra without password (The Verge, 11/28/17)
• MacOS High Sierra 'root' bug allows admin access without a password: Who is affected and how to fix it (Pocket-lint, 11/29/17)
• There's an embarrassing and dangerous security hole in the latest Mac software (Business Insider, 11/28/17)
• How to enable the root user on your Mac or change your root password (Apple)

Turn on and set up FileVault

FileVault 2 is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password.

1. Choose Apple menu () > System Preferences, then click Security & Privacy.
2. Click the FileVault tab.
3. Click , then enter an administrator name and password.
4. Click Turn On FileVault.

If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.

Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:

• If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.*
• If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you're sure to remember.*
• If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.

If you lose both your account password and your FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk.

Encryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences. Any new files that you create are automatically encrypted as they are saved to your startup disk.

When FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.

Reset your password or change your FileVault recovery key

If you forget your account password or it doesn't work, you might be able to reset your password.

If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences. You can then turn it on again to generate a new key and disable all older keys.

Protect The Cheese Mac Os Catalina

Turn off FileVault

If you no longer want to encrypt your startup disk, you can turn off FileVault:

1. Choose Apple menu > System Preferences, then click Security & Privacy.
2. Click the FileVault tab.
3. Click , then enter an administrator name and password.
4. Click Turn Off FileVault.

Decryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences.

Learn more

Protect The Cheese Mac Os X

• Learn how to create and deploy a FileVault recovery key for Mac computers in your company, school, or other institution.
• If you're using FileVault in Mac OS X Snow Leopard, you can upgrade to FileVault 2 by upgrading to OS X Lion or later. After upgrading OS X, open FileVault preferences and follow the onscreen instructions to upgrade FileVault.
• RAID partitions or non-standard Boot Camp partitions on the startup drive might prevent OS X from installing a local Recovery System. Without a Recovery System, FileVault won't encrypt your startup drive. Learn more.

Protect The Cheese Mac Os Catalina

* If you store your recovery key with Apple or your iCloud account, there's no guarantee that Apple will be able to give you the key if you lose or forget it. Not all languages and regions are serviced by AppleCare or iCloud, and not all AppleCare-serviced regions offer support in every language. If you set up your Mac for a language that AppleCare doesn't support, then turn on FileVault and store your key with Apple (OS X Mavericks only), your security questions and answers could be in a language that AppleCare doesn't support.