Apple today released Security Update 2017-001 macOS High Sierra v10.13.1 which includes:
Directory Utility
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872
When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002.
MacDailyNews Take: Install ASAP.
SEE ALSO:
Tim Cook’s sloppy, unfocused Apple rushes to fix a major Mac security bug – November 29, 2017
What to do about Apple’s shameful Mac security flaw in macOS High Sierra – November 29, 2017