A security flaw has been detected on Apple devices running macOS High Sierra 10.13 or greater. Users who have previously updated to 10.13 need to update their operating system as soon as possible using the steps below. The vulnerability allows anyone to login to a Mac device and change administrative settings by typing in the username “root” with no password.

Note: macOS High Sierra is currently not supported by Queen's ITS.

Currently, this vulnerability is only detected in users with a Mac operating system that has been upgraded to High Sierra 10.13 or greater.

How can I protect myself?

• If your machine is running 10.13, it should immediately be upgraded to 10.13.1 and have Apple Security Update 2017-001 installed (instructions can be found here)


• If your machine cannot be upgraded, you must enable the root account and set a complex password (instructions found here)


• No action is required for machines running macOS 10.12.6 or earlier

If you have any issues concerning this notification, please contact the IT Support Centre at (613)533-6666 or by filling out the online help form.