Apple explains how to fix macOS High Sierra file sharing after security update breaks feat...

Posted:
in macOS edited November 2017
Though today's macOS High Sierra security update patched a critical root user bug, it introduced a problem that prevents Mac users from authenticating or connecting to file shares on their Mac.




Briefly outlined in a document posted to Apple's Support pages, the issue appears to impact only a portion of macOS High Sierra users who downloaded and installed today's security update.

The number of people affected by the file sharing bug is unknown, but it seems a system library error is to blame for failed authentications. Impacted users took to social media to report the problem, which is quickly solved with a minor Terminal procedure.

As noted by Apple in its Support Document, users experiencing file sharing issues need to do the following:

1. Open the Terminal app, which is in the Utilities folder of your Applications folder.
2. Type sudo /usr/libexec/configureLocalKDC and press Return.
3. Enter your administrator password and press Return.
4. Quit the Terminal app.

That Apple introduced a second issue with its fix for the recently discovered root access bug is unfortunate, but the remedy is a small price to pay to ensure that your Mac is secure.

On Tuesday, researchers went public with a macOS High Sierra flaw that allows anyone to log in as a Mac's "root" System Administrator without requiring a password. Using the same method, nefarious users can also bypass the macOS lock screen and, in some cases, gain root access to a Mac remotely if certain screen sharing, remote access or VNC sessions are enabled.

Apple promised a fix just hours after the security hole hit media outlets. The company delivered the patch early today as Security Update 2017-001, which was made available through the Mac App Store.
«1

Comments

  • Reply 1 of 31
    macxpressmacxpress Posts: 4,077member
    Wait for it....wait for it....Tim Cook needs to be fired!!! 
    airmanchairmanSoliargonaut
  • Reply 2 of 31
    macxpress said:
    Wait for it....wait for it....Tim Cook needs to be fired!!! 
    This wouldn't happen if Steve was still alive.
    airmanchairmanmacxpresskingofsomewherehotzroger73baconstangsandorargonautSpamSandwich
  • Reply 3 of 31
    Doomed, I say, doomed...
    racerhomieargonaut
  • Reply 4 of 31
    Excellent. Oh wait, I didn't even have any issue with root user bug, why should I install this patch. Silly.
  • Reply 5 of 31
    macxpressmacxpress Posts: 4,077member
    fahlman said:
    macxpress said:
    Wait for it....wait for it....Tim Cook needs to be fired!!! 
    This wouldn't happen if Steve was still alive.
    Nope never! Ever! :smiley: 

    We all joke, but just go to MacRumors and you'll read these same things. Its almost comical! 
    emig647williamlondonargonaut
  • Reply 6 of 31
    Good timing . 
  • Reply 7 of 31
    kevin kee said:
    Excellent. Oh wait, I didn't even have any issue with root user bug, why should I install this patch. Silly.
    @Kevin Kee - you do realise that this bug allows anyone who has physical access to your computer to log in as root (higher than Admin privileges) without a password. Also, if you have file sharing turned on anyone can then access your computer as root. This is the most serious bug I've ever heard of on an Apple device, glad to see Apple were on the ball and released a fix quickly
    Solidysamoria
  • Reply 8 of 31
    dagaz said:
    kevin kee said:
    Excellent. Oh wait, I didn't even have any issue with root user bug, why should I install this patch. Silly.
    root (higher than Admin privileges)
    Please explain the difference.
    baconstang
  • Reply 9 of 31
    These last couple months of bug fixes have been an embarrassingly public game of whack-a-mole. 
    pakittdysamoriajongrall
  • Reply 10 of 31
    I posted on the forum before the patch yesterday that Apple couldn’t create a patch so quickly without doing proper Q.A (which potentially could break other features).

    And here we are.
    avon b7williamlondonpakittdysamoriajongrall
  • Reply 11 of 31
    linkman said:
    dagaz said:
    kevin kee said:
    Excellent. Oh wait, I didn't even have any issue with root user bug, why should I install this patch. Silly.
    root (higher than Admin privileges)
    Please explain the difference.
    MacOS keeps users away from logging in as root by introducing the ‘admin’ role. This admin role allows you to administer the system fully but doesn’t grant all permissions which could damage your installation beyond repair, unless it’s overridden by the ‘sudo’ command in Terminal which requires you to authenticate.

    Even with the sudo command (as admin) there are operations you cannot do, which root does allow. Not only macOS uses this principle, some other Unix and Linux distros do the same.

    Basically you can compare the ‘root’ user with a tree root; root has full control, all other user types are layered on top, including ‘admin’ and ‘guest’ users.

    Gaining root rights in macOS by entering an empty password is therefore an incredibly stupid oversight.
    edited November 2017 Rayz2016docno42pakittdysamoriadagaz
  • Reply 12 of 31
    Rayz2016Rayz2016 Posts: 3,400member
    Reposting this here because I think it’s important.  

    http://www.bbc.co.uk/news/technology-42174168

    Apple’s apology for the original snafu. 
  • Reply 13 of 31
    Running 10.13 here and the patch isn't available. So unless I updated to 10.13.1 in order to take advantage of 'mythical creatures and more expressive smiley faces' I would never know I had an issue  :/
    jongrall
  • Reply 14 of 31
    JanNLJanNL Posts: 224member
    Applied the patch yesterday, version 17B1002. Today there was another security update with the same name, but now the Mac is on 17B1003...
    Maybe a "better version" of the same patch?

  • Reply 15 of 31
    macxpressmacxpress Posts: 4,077member
    hentaiboy said:
    Running 10.13 here and the patch isn't available. So unless I updated to 10.13.1 in order to take advantage of 'mythical creatures and more expressive smiley faces' I would never know I had an issue  :/
    This is why you should be keeping your system(s) updated. 
  • Reply 16 of 31
    lkrupplkrupp Posts: 5,805member
    Yet another security update out this morning. I wonder if this one is for the file sharing issue. The terminal command could be a problem for the common user who has no clue about syntax. Better Apple does it for them in a security update.
    williamlondondysamoria
  • Reply 17 of 31
    neilmneilm Posts: 523member
    linkman said:
    dagaz said:
    kevin kee said:
    Excellent. Oh wait, I didn't even have any issue with root user bug, why should I install this patch. Silly.
    root (higher than Admin privileges)
    Please explain the difference.
    The Admin user can shoot himself in the foot.
    The Root user can shoot herself in the head.

    Any questions?
    docno42jongrall
  • Reply 18 of 31
    lkrupp said:
    Yet another security update out this morning. I wonder if this one is for the file sharing issue. The terminal command could be a problem for the common user who has no clue about syntax. Better Apple does it for them in a security update.
    Sounds like the file sharing issue may actually be a pre-existing issue with the machine.  LKDC is broken, but due to the root user bug the system was ignoring the errors.  Maybe caused by a machine that was incorrectly cloned or imaged.  The LKDC must be rebuilt after cloning a machine.
    randominternetpersondysamoria
  • Reply 19 of 31
    dewmedewme Posts: 1,242member
    Rayz2016 said:
    Reposting this here because I think it’s important.  

    http://www.bbc.co.uk/news/technology-42174168

    Apple’s apology for the original snafu. 
    Good to see Apple openly admitting that it stumbled and made a mistake, which it has now corrected.

    The whole disclosure thing, however, still leaves me feeling cold about current manifestations of human nature and the depths to which they have sunk in terms of respect, consideration, and empathy.

    Imagine for a moment that you innocently stumbled upon the fact that the back door of a retail store, say an audio-video store selling big screen TVs, had a broken lock on the back door that the owner didn't know about. Upon closer examination you found that the broken lock would allow you to enter into the storage area of the store and make off with anything in the store's inventory while being completely undetected. Would you:

    a. Help yourself to whatever you want in the store's storage area.
    b. Call all of your friends and tell them know about the broken door lock and potential availability of free stuff for easy pickings.
    c. Talk to the store owner and let him or her know what you've stumbled upon.

    The person who discovered the root flaw decided answer "b" was the right one in this case. I'm sorry, but this doesn't sit well with me. Maybe our current culture has devolved into one where screwing everyone who's not YOU is standard operating procedure, but it still isn't right. Whether it's some small time business owner just trying to get by or a multinational company supporting millions of jobs, families, and shareholders, practicing a tiny bit of consideration for once wouldn't kill the guy. Sure, his good deed would go unnoticed compared to the notoriety he's getting now, but so what. 
    equality72521docno42randominternetperson
  • Reply 20 of 31
    lkrupplkrupp Posts: 5,805member
    JanNL said:
    Applied the patch yesterday, version 17B1002. Today there was another security update with the same name, but now the Mac is on 17B1003...
    Maybe a "better version" of the same patch?

    The notes page for this update has a section that includes a terminal command to verify that the update installed successfully. Starting to look like the original update had issues, was pulled and re-released this morning. My installation is now on 17B1003 also after applying the new update. Hopefully we will find out what’s going on.
Sign In or Register to comment.