Earlier this week, a security researcher discovered a gaping flaw in macOS High Sierra, which allowed anyone to walk up to a Mac and gain complete access to the machine in seconds with no technical skill. Apple patched the flaw as quickly as you’d imagine, but according to a report from Wired, even the update to patch the flaw is, well, flawed.
Users have reached out to Wired to say that the patch doesn’t kill the root login bug altogether or, if it does, that the fix doesn’t take effect until you reboot (something Apple said was not necessary):
Now multiple Mac users have confirmed to WIRED that Apple’s fix for that problem has a serious glitch of its own. Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the “root” bug reappears when they install the most recent macOS system update. And worse, two of those Mac users say they’ve also tried re-installing Apple’s security patch after that upgrade, only to find that the “root” problem still persists until they reboot their computer, with no warning that a reboot is necessary.
So, uh, if you’ve downloaded and installed the update, maybe just go ahead and reboot right now to make sure your computer is safe. And, while you’re at it, you should set a password for the root account anyway, just to be on the safe side.