Go download the fix for the macOS High Sierra login bug right now

November 29th, 2017 at 11:24 AM
MacOS High Sierra root login bug, security patch from Apple

Apple has released a security update for macOS High Sierra that fixes the (terrifying) root login bug that was first exposed yesterday. The problem appears to have been simple to fix, as Apple had this security patch out in near-record time. Anyone running macOS High Sierra 10.13.1 should make sure they go download and install the update right now.

The root login bug revealed yesterday was the holy grail of security flaws. It allowed anyone to log in to a Mac on the root account, simply by entering the username “root” and leaving the password field empty. Once someone has root access, there are basically no limitations to what they can do. Root is a “superuser” account with read and write privileges over the entire system, including other user accounts. That means that anyone with 30 seconds and physical access to your machine can install programs, read and write files and system files, and do basically anything else you can imagine.

Apple confirmed yesterday that it was working on a software update, but didn’t give any further details about the security flaw or what caused it. In the documentation for the security patch today, Apple tersely admitted the existence of the bug, and blamed it on a “logic error” in the validation of credentials:

Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.

In addition, Apple issued a statement alongside the update:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

To install the security update on your Mac, open the App Store, and click on the Updates tab in the top right. You should see an update for Mac firmware near the top of that list; click update to download and install the patch. As always, it’s a good idea to have your important data backed up, especially since this software update has been rushed out without a chance to extensively test it.
