A security vulnerability in macOS High Sierra (10.13), which allows users to gain access to admin rights without a password, has been discovered.

This means that anyone who has physical access to your Mac (or can access it via remote desktop) can easily log into it and gain full control over it.

If you own a Mac computer or laptop, you’ll need to set a root password to help protect it. This is especially important if you have remote desktop access switched on.

We strongly advise all students and staff at LSE to protect their Macs by changing their root password.

Apple has issued guidance on how to change you root password here: https://support.apple.com/en-us/HT204012.

If you need help with setting your root password, please visit the Laptop Surgery in the Walk In Centre (Library, 1st floor). For advice on choosing a secure password and how to store it, visit www.lse.ac.uk/password

Mac OS security bug

If you are using an LSE-owned Mac, you do not need to do anything – we have already put security measures in place.

To verify that your LSE Mac is secure you can launch LSE Self Service from the Applications folder and run the ‘Root account patch verification’ package, from the “Security” category. If you don’t have LSE Self Service installed, please get in touch with the Service Desk.

If you have any questions about this security vulnerability or would like further advice, please contact the IT Service Desk:

You can also visit the IMT Walk In Centre on the 1st floor of the Library.

The Laptop Surgery is open Monday-Friday, 10am-2pm during Michaelmas Term.