Apple Releases macOS High Sierra Security Update to Fix Root Password Vulnerability
Apple today released Security Update 2017-001 to fix a serious vulnerability that enables access to the root superuser account with a blank password on any Mac running macOS High Sierra version 10.13.1.
The critical bug, which gained attention after it was tweeted by developer Lemi Ergin yesterday, lets anyone gain administrator privileges by simply entering the username "root" and a blank password in System Preferences > Users & Groups.
The security update is rolling out on the Mac App Store now, and it should be installed by all users running macOS High Sierra as soon as possible. Regardless, starting later today, Apple said the security update will be automatically installed on all Macs running macOS High Sierra 10.13.1.
Apple has since apologized for the vulnerability in a statement issued to MacRumors:
Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
The vulnerability does not affect macOS Sierra or any other previous version of the operating system.
Popular Stories
The Apple Watch Series 8 could feature an all-new design with a flat display, according to the leaker known as "ShrimpApplePro."
In his latest video on the YouTube channel Front Page Tech, Jon Prosser highlighted information from ShrimpApplePro that suggests the Apple Watch Series 8 could feature a flat display in what seems to be a design originally rumored for the Apple Watch Series 7. ...
While Apple's early M1-based Macs can only officially support a single external display, there are ways around the limitation. Anker is launching a new 10-in-1 USB-C docking station today which delivers just that.
The Anker 563 USB-C dock includes two HDMI ports and a DisplayPort port, and it leverages DisplayLink to carry multiple video signals over a single connection. Given that this hub...
Apple today released macOS Monterey 12.4, the fourth major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.4 comes over two months after the launch of macOS Monterey 12.3, an update that added Universal Control.
The macOS Monterey 12.4 update can be downloaded on all eligible Macs using the Software Update section of System...
WhatsApp is working on a new feature that will allow users to "silently" leave group chats hosted by the messaging platform instead of all members of the group being notified when they do.
As it stands, when someone leaves a group chat, WhatsApp announces their exit to the entire group, making the act of leaving very public. It's not possible right now to leave a group quietly, but WhatsApp...
Apple today shared a new ad highlighting iPhone privacy features like App Tracking Transparency and Mail Privacy Protection that are designed to give users more transparency and control when it comes to their personal data being collected.
The ad revolves around a young woman named Ellie who discovers that her personal data is being sold at an auction house, with bids being placed on her...
Apple's AirPods ruptured the eardrums of a 12-year-old boy in 2020 when a loud Amber Alert was issued, according to a lawsuit filed against Apple in California (via Law360).
The child, identified as B.G. in the filing, was watching a movie on Netflix on his iPhone in 2020 while wearing AirPods Pro. The AirPods Pro were allegedly set at a low volume, but an Amber Alert sounded without warning ...
Apple retail employees at around 100 stores will need to go back to wearing a mask while working, according to Bloomberg's Mark Gurman. Apple is mandating masks for employees again due to a rising number of COVID cases across the United States.
Customers who visit an Apple Store are not required to wear a mask at this time, but Apple is continuing to recommend masks for all Apple Store...
Top Rated Comments
I wish Apple did a better job testing their releases. We used to enjoy such high quality when it came to software updates and releases.
Also, give me a break. Nobody finds everything, not even "Apple". Patched quickly and painlessly. Move along.
There's no excuse for it. Saying "well, microsoft is just as bad" just means that Apple is stooping to Microsoft's level... but I'd actually venture to say that Apple is starting to get worse than Microsoft when it comes to Mac OS vs Windows.