Security Update 2017-001 being pushed to both macOS 10.13.0 and 10.13.1
To fix the vulnerability popularly referred to as #IAMROOT, Apple has begun pushing Security Update 2017-001 to Macs running the following OS versions:
- macOS 10.13.0
- macOS 10.13.1
This update is being deployed using the same automated installation mechanism that Apple previously used to deploy OS X NTP Security Update 1.0 back in 2014: Security Update 2017-001 is silently downloaded and installed on vulnerable Macs.
To verify that Security Update 2017-001 has been installed, you should be able to check the Updates page of the Mac App Store (MAS).
If it hasn’t been automatically installed yet, it should appear as an available update.
If it has been installed, it should show up in the list of installed updates.
Be aware that the initial release of Security Update 2017-001 for 10.13.1 had a problem where file sharing did not work after the update was installed. To fix the file sharing issue, Apple has released an updated Security Update 2017-001 for 10.13.1, which is being installed both on still-vulnerable Macs and on Macs which had received the first release of Security Update 2017-001 for 10.13.1.
If your Mac received both versions of Security Update 2017-001 for 10.13.1, the list of installed updates in the MAS may look a little odd.
However, nothing’s actually wrong. The double listing for Security Update 2017-001 means both releases of Security Update 2017-001 were installed.
If you need to verify via the command line that Security Update 2017-001 has been installed, use the procedure shown below:
On macOS 10.13.0, run the following command:
pkgutil --packages | grep com.apple.pkg.update.os.10.13Supplemental.17A501
If Security Update 2017-001 for 10.13.0 has been installed, the following output should be returned:
computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13Supplemental.17A501
com.apple.pkg.update.os.10.13Supplemental.17A501
computername:~ username$
On macOS 10.13.1, run the following command:
pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*
If only the initial release of Security Update 2017-001 for 10.13.1 has been installed, the following output should be returned:
computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*
com.apple.pkg.update.os.10.13.1Supplemental.17B1002
computername:~ username$
If only the latest release of Security Update 2017-001 for 10.13.1 has been installed, the following output should be returned:
computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*
com.apple.pkg.update.os.10.13.1Supplemental.17B1003
computername:~ username$
If both releases of Security Update 2017-001 for 10.13.1 have been installed, the following output should be returned:
computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*
com.apple.pkg.update.os.10.13.1Supplemental.17B1003
com.apple.pkg.update.os.10.13.1Supplemental.17B1002
computername:~ username$
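The receipt checks above can be folded into one script that reports a single status word per Mac, which is easier to collect across a fleet than raw grep output. This is an added example, not part of the original post: the receipt identifiers are the ones shown above, while the function names, status words and sample receipt list are this example's own, and it assumes `sw_vers -productVersion` reports 10.13.0 as either `10.13` or `10.13.0`.

```sh
#!/bin/sh
# Added example: classify Security Update 2017-001 state from receipts.

# has_receipt RECEIPTS ID: true if ID is a whole line of RECEIPTS.
# -F treats the dots literally and -x rejects partial matches.
has_receipt() {
    printf '%s\n' "$1" | grep -Fxq "$2"
}

# su2017_001_status OS_VERSION RECEIPTS
#   OS_VERSION  output of `sw_vers -productVersion`
#   RECEIPTS    output of `pkgutil --packages`
su2017_001_status() {
    initial=com.apple.pkg.update.os.10.13.1Supplemental.17B1002
    latest=com.apple.pkg.update.os.10.13.1Supplemental.17B1003
    case "$1" in
        10.13|10.13.0)
            if has_receipt "$2" com.apple.pkg.update.os.10.13Supplemental.17A501
            then echo installed; else echo missing; fi ;;
        10.13.1)
            if has_receipt "$2" "$latest"; then
                if has_receipt "$2" "$initial"
                then echo installed-both; else echo installed-latest; fi
            elif has_receipt "$2" "$initial"; then
                # First release only: the one with the file sharing problem.
                echo installed-initial-only
            else
                echo missing
            fi ;;
        *)
            echo not-applicable ;;   # the post covers 10.13.0 and 10.13.1 only
    esac
}

# Constructed receipt list standing in for `pkgutil --packages` output.
SAMPLE_RECEIPTS='com.example.pkg.other
com.apple.pkg.update.os.10.13.1Supplemental.17B1003
com.apple.pkg.update.os.10.13.1Supplemental.17B1002'

# On a Mac, report the live state; elsewhere, show the constructed sample.
if command -v pkgutil >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    su2017_001_status "$(sw_vers -productVersion)" "$(pkgutil --packages)"
else
    su2017_001_status 10.13.1 "$SAMPLE_RECEIPTS"
fi
```

A result of `installed-initial-only` identifies Macs that still have only the first 10.13.1 release, the one with the file sharing problem.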
Just curious…if you have all Apple updates disabled on client machines do these Apple “forced” security updates still install?
Not sure build number is the right way to go. Apple article HT208315 says to use the “project version” of opendirectoryd (what /usr/libexec/opendirectoryd), so we set up an EA to pull the version and go from there:
#!/bin/sh
# Extract the opendirectoryd project version reported by what(1).
odVersion=$( what /usr/libexec/opendirectoryd | awk '{ print $2 }' | cut -f2 -d "-" | tr -d "\n" )
echo "${odVersion}"
Wow WordPress bonked my post, here is a URL: https://www.jamf.com/jamf-nation/discussions/26306/addressing-macos-high-sierra-vulnerability#responseChild156878
I think I found a new bug that comes in after the fix. I received a new MacBook Air that shipped with 10.13. After running all updates, I tried to turn on FileVault through the System Prefs and have found that it won’t complete.
First I got a message to say that the admin account did not have authorisation to complete the task. So I reinstalled 10.13, thinking that maybe it was a bad install from the factory. Now I get an “Error in Security & Privacy Preferences.”
Enabling via fdesetup did work.