How To Protect Your Network From Future Mac OS X Vulnerabilities

The IT world is still recovering from the effects of a major error in the Mac OS X High Sierra update that gave potential hackers backdoor computer access through a flawed password verification process. Apple released a patch for the bug within 24 hours, but not before millions of workstations were rendered vulnerable to data and security threats. The bug meant that any unattended Mac computer could be hacked, giving that person unauthorized access to computer settings, administrative rights, and personal data such as files and emails.

Unfortunately for Apple, users who hadn’t updated to the current version of High Sierra, 10.13.1, but had downloaded the patch, saw the bug return when they updated to the current version. To confirm your devices are protected against the vulnerability, instructions from Apple support are at the bottom of the post.

As devastating as this error could have been for consumers, imagine the cost of a data breach for companies managing extensive employee networks of workstations in industries like banking, healthcare, or education? As Apple gains a firmer foothold in the enterprise space, the amount of corporate data at risk when Mac OS X updates are released with errors increases.

While core security threats often appear to come from flaws in operating system updates (including Windows and Linux), one preventable cause stems from poor patch management processes within IT departments. Patch management has earned the nickname “security’s dirty little secret” in the industry as IT professionals acknowledge the need for simple, affordable patch management, but admit that lack of budget, time, and resources limits their ability to evaluate and invest in newer automated patching solutions.

Inside Track, a technology-based education coaching provider, credits automated patch management with helping them protect their network of 250 remote workers from the Apple Mac OS X bug. “With an automated solution, we were able to see which endpoints were vulnerable and automatically deploy the patch to those endpoints”, stated Chris Borte, Director of IT and DevOps for Inside Track. “It also helped that our solution supported Windows, Mac and Linux so I didn’t need a separate solution for Mac,” added Borte.

Research shows that 90% of exploited vulnerabilities are at least a year old, and 20% are over ten years old. Although fixes have been released for these vulnerabilities, many companies never apply the patches because they can’t keep up with new patches or effectively manage their backlog. With automated patch management, outstanding patches can be classified by severity, and vulnerable endpoints can be identified, prioritized, and patched within minutes of new patches being released, allowing security teams to work on other pressing issues.

One of the main reasons software vendors issue patches is to fix errors that could potentially compromise data or network security. In Apple’s case, they responded quickly with a patch but were still labeled sloppy for not catching an embarrassingly simple, yet catastrophic, bug in the first place and issuing a patch that wasn’t able to update successfully for users of the earlier version of Mac OS X High Sierra. While zero-day attacks are par for the course in a world where hackers are waiting for opportunities to exploit weaknesses, IT professionals can exponentially limit their security risks by automating patching so the window of vulnerability closes as quickly as possible.


How to verify you are patched for Apple CVE-2017-13872:

If you see MRTConfigData 1.27 in the Installations list under Software in System Report, your Mac is protected.

To confirm that your Mac has Security Update 2017-001:

  • Open the Terminal app, which is in the Utilities folder of your Applications folder.
  • Type what /usr/libexec/opendirectoryd and press Return.
  • If Security Update 2017-001 was installed successfully, you will see one of these project version numbers:
  • opendirectoryd-483.1.5 on macOS High Sierra 10.13
  • opendirectoryd-483.20.7 on macOS High Sierra 10.13.1

If you require the root user account on your Mac, you will need to re-enable the root user and change the root user's password after this update.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.