It hasn’t been a good few months for Apple and Mac users with the recent discovery of password security holes in macOS 10.13 High Sierra. In November it was discovered there was a gaping exploit in High Sierra that could give anyone root access to your Mac. And then a few days ago it was discovered that there’s a way for others to change your Mac App Store preferences using another exploit. That’s not to mention the Meltdown and Spectre flaws in Intel chips which recently became apparent having apparently gone unnoticed for almost 20 years.
Patches have already been issued for the Intel and root admin exploits in the macOS 10.13.2 update with a macOS 10.13.3 patch for the Mac App Store exploit expected any day now. If you’re not sure whether you’re protected or covered with the patches available so far though, make sure you’ve done the following.
- Run Software Update on your Mac. This is the easiest way to ensure you’re automatically patched. You can either do this via the Mac App Store app under the Updates Tab or you can go to the Apple logo in the top left corner of your Mac desktop, select About This Mac and then click Software Update…
- If neither of these methods work for any reason, you can also manually install this update from Apple for the root access exploit.
It should be stressed than both High Sierra vulnerabilities would require a malicious user to have physical access to your Mac so the risk for most users is small. However, if you’ve left your Mac unattended or share your Mac with other users in an office, educational institution or at home, it’s important to make sure you update macOS 10.13 High Sierra as soon as possible.
You will be notified via the Mac App Store when an update is available for the Mac App Store exploit or you can keep checking Software Update.
If you have any problems applying this update or think your Mac may have been compromised, let us know.