Home > Mac administration, macOS > Security Update 2017-001 being pushed to both macOS 10.13.0 and 10.13.1

Security Update 2017-001 being pushed to both macOS 10.13.0 and 10.13.1

November 30, 2017 Leave a comment Go to comments

To fix the vulnerability popularly referred to as #IAMROOT , Apple has begun pushing Security Update 2017-001 to Macs running the following OS versions:

  • macOS 10.13.0
  • macOS 10.13.1

This update is being deployed using the same automated installation mechanism that Apple previously used to deploy OS X NTP Security Update 1.0 back in 2014, where Security Update 2017-001 is being silently downloaded and installed on vulnerable Macs.

Screen Shot 2017 11 30 at 2 08 59 PM

For more details, please see below the jump.

To verify that Security Update 2017-001 has been installed, you should be able to check the Updates page of the Mac App Store (MAS).

If it hasn’t been automatically installed yet, it should appear as an available update.

Screen Shot 2017 11 30 at 3 39 18 PM

 

If it has been installed, it should show up in the list of installed updates.

Screen Shot 2017 11 30 at 3 43 47 PM

 

Something to be aware of is that the initial release of Security Update 2017-001 for 10.13.1 had a problem where file sharing did not work following the installation of the update. To address and fix the file sharing issue, Apple has released an updated Security Update 2017-001 for 10.13.1, which is being installed on both still-vulnerable Macs and also on Macs which had received the first release of Security Update 2017-001 for 10.13.1.

If your Mac received both versions of Security Update 2017-001 for 10.13.1, the list of installed updates in the MAS may look a little odd.

Screen Shot 2017 11 30 at 2 51 26 PM

However, nothing’s actually wrong. The double listing for Security Update 2017-001 means both releases of Security Update 2017-001 were installed.

If you need to verify via the command line that Security Update 2017-001 has been installed, use the procedure shown below:

On macOS 10.13.0, run the following command:

pkgutil --packages | grep com.apple.pkg.update.os.10.13Supplemental.17A501

If Security Update 2017-001 for 10.13.0 has been installed has been installed, the following output should be returned:

computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13Supplemental.17A501
com.apple.pkg.update.os.10.13Supplemental.17A501
computername:~ username$

 

On macOS 10.13.1, run the following command:

pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*

If only the initial release of Security Update 2017-001 for 10.13.1 has been installed, the following output should be returned:

computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*
com.apple.pkg.update.os.10.13.1Supplemental.17B1002
computername:~ username$

If only the latest release of Security Update 2017-001 for 10.13.1 has been installed, the following output should be returned:

computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*
com.apple.pkg.update.os.10.13.1Supplemental.17B1003
computername:~ username$

If both releases of Security Update 2017-001 for 10.13.1 have been installed, the following output should be returned:

computername:~ username$ pkgutil --packages | grep com.apple.pkg.update.os.10.13.1Supplemental.17B100*
com.apple.pkg.update.os.10.13.1Supplemental.17B1003
com.apple.pkg.update.os.10.13.1Supplemental.17B1002
computername:~ username$
Categories: Mac administration, macOS
  1. fracus84
    December 1, 2017 at 1:21 pm
    Reply

    Just curious…if you have all Apple updates disabled on client machines do these Apple “forced” security updates still install?

  2. donmontalvo
    December 1, 2017 at 11:25 pm
    Reply

    Not sure build number is the right way to go..Apple article HT208315 says to use “project version” of opendirectoryd (what /usr/libexec/opendirectoryd), so we set up an EA to pull the version and go from there:

    #!/bin/sh

    odVersion=$( what /usr/libexec/opendirectoryd | awk ‘{ print $2 }’ | cut -f2 -d “-” | tr -d “\n” )

    echo “${odVersion}”

  3. krosha
    December 4, 2017 at 3:57 pm
    Reply

    I think I found a new bug that comes in after the fix. I received a new MacBook Air that shipped with 10.13. After running all updates, I tried to turn on FileVault through the System Prefs and have found that it won’t complete.

    First I got a message to say that the admin account did not have authorisation to complete the task. So I reinstalled 10.13, thinking that maybe it was a bad install from the factory. Now I get a “Error in Security & Privacy Preferences.”

    Enabling via fdesetup did work.

  1. No trackbacks yet.

Leave a comment