Posts Categorized: Security Alert

 Canvas Cybersecurity Issue

Description

Update – Honorlock is experiencing intermittent issues. If you cannot access Honorlock, please clear Chrome cache and cookies and then relaunch Chrome.

Update – Instructure reissued certain application keys as a precautionary step, which requires end users to re-authorize access to those tools. Reissued application keys contain a timestamp in the name and will be visible to users during reauthorization. These are valid Instructure created keys and users should proceed with the authorization process when prompted.

Instructure, the makers of Canvas, recently experienced a cybersecurity incident and is actively investigating this incident with the help of outside forensics experts. This attack is not specific to the University of Missouri Canvas instance. The University is awaiting additional information from Instructure to determine if our data was impacted. We will provide new information as it is confirmed.

Posted: 5/4/26 9:17 am
Last updated: 6/11/26 3:41 pm
Event type: Informational
Current status: Resolved
Service Canvas, Security Alert

 Warning! Mac OSX High Sierra 10.13 Vulnerability

Description

A security flaw has been detected in Mac operating systems, High Sierra 10.13 or greater.  This vulnerability allows anyone to login to a Mac device and change administrative settings by typing in the username “root” with no password more details can be found in the links provided.

 

Systems at Risk

  • Currently, this vulnerability is only detected in users with a Mac operating system that has been upgraded to High Sierra 10.13 or greater.
  • Systems with local console access, such as shared usage computers in teaching or lab environments, where users of shared computers are not privileged with root access.
  • Systems with Apple Remote Desktop (ARD) enabled

Systems Not at Risk

  • Mac operating systems that are prior to 10.13
  • Systems using SSH (Secure Shell)

Recommended Actions

  1. High Sierra 10.13 or greater users: A possible fix is to create a root account, then set a password and leave it enabled.  Instructions can be found here: https://www.macrumors.com/how-to/temporarily-fix-macos-high-sierra-root-bug/
  • If you do not have the latest MacOS, do not upgrade to High Sierra 10.13 or greater until a patch is made available

More Information

https://www.macrumors.com/how-to/temporarily-fix-macos-high-sierra-root-bug/

 

https://www.theverge.com/2017/11/28/16711782/apple-macos-high-sierra-critical-password-security-flaw

 

http://www.pocket-lint.com/news/142980-macos-high-sierra-root-bug-allows-admin-access-without-a-password-who-is-affected-and-is-there-a-fix http://uk.businessinsider.com/macos-high-sierra-can-be-hacked-with-username-root-and-no-password-2017-11

 

Posted: 11/29/17 7:58 am
Last updated: 11/2/18 9:48 am
Event type: Informational
Current status: Resolved
Service Security Alert