Apple Releases macOS High Sierra Security Update to Fix Root Password Vulnerability

Apple today released Security Update 2017-001 to fix a serious vulnerability that enables access to the root superuser account with a blank password on any Mac running macOS High Sierra version 10.13.1.


The critical bug, which gained attention after it was tweeted by developer Lemi Ergin yesterday, lets anyone gain administrator privileges by simply entering the username "root" and a blank password in System Preferences > Users & Groups.

The security update is rolling out on the Mac App Store now, and it should be installed by all users running macOS High Sierra as soon as possible. Regardless, starting later today, Apple said the security update will be automatically installed on all Macs running macOS High Sierra 10.13.1.

Apple has since apologized for the vulnerability in a statement issued to MacRumors:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

The vulnerability does not affect macOS Sierra or any other previous version of the operating system.

Top Rated Comments

(View all)
Avatar
31 months ago
How embarrassing...

I wish Apple did a better job testing their releases. We used to enjoy such high quality when it came to software updates and releases.
Score: 42 Votes (Like | Disagree)
Avatar
31 months ago

That was quick

And it was utterly necessary that it be just that.
Score: 36 Votes (Like | Disagree)
Avatar
31 months ago
That was quick
Score: 34 Votes (Like | Disagree)
Avatar
31 months ago

How embarrassing...

I wish Apple did a better job testing their releases. We used to enjoy such high quality when it came to software updates and releases.

You ever heard of Windows? Perhaps you should read up on that OS if you haven't.

Also, give me a break. Nobody finds everything, not even "Apple". Patched quickly and painlessly. Move along.
Score: 31 Votes (Like | Disagree)
Avatar
31 months ago

You ever heard of Windows? Perhaps you should read up on that OS if you haven't.

Also, give me a break. Nobody finds everything, not even "Apple". Patched quickly and painlessly. Move along.

Three... count 'em... THREE... critical and ridiculous security issues with Mac OS High Sierra within as many months. This one, the Disk utility one, and the keychain one. And that's just the security issues...

There's no excuse for it. Saying "well, microsoft is just as bad" just means that Apple is stooping to Microsoft's level... but I'd actually venture to say that Apple is starting to get worse than Microsoft when it comes to Mac OS vs Windows.
Score: 13 Votes (Like | Disagree)
Avatar
31 months ago
This is actually an argument in favor of public disclosure of vulnerabilities. Lemi Orhan Ergin was catching a lot of criticism yesterday for posting it on twitter, but if this bug had been reported privately, it would have taken much longer to fix, while malicious actors would be able to exploit it all along.
Score: 10 Votes (Like | Disagree)

Top Stories

Leaker Claims New 13-inch MacBook Pro Coming as Soon as Next Month

Monday April 6, 2020 2:56 am PDT by Tim Hardwick
Apple will announce a new 13-inch MacBook Pro in May with the codename J223, according to a rumor shared by YouTuber and leaker Jon Prosser. Note: it’s a refresh to the current 13” So the bigger 14” display upgrade is a big possibility— Jon Prosser (@jon_prosser) April 4, 2020 Analyst Ming-Chi Kuo has said Apple plans to release new MacBook Pro and MacBook Air models with scissor keyboards ...

iOS 14 Could Offer Home Screen Widgets, Wallpaper Customizations

Saturday April 4, 2020 3:30 pm PDT by Frank McShan
iOS 14 could offer home screen widgets and wallpaper customizations for the first time, according to 9to5Mac and Twitter user DongleBookPro. Apple is reportedly working to implement widgets that can be moved freely around like icons on the iPhone and iPad homescreen for the very first time. The feature is reportedly codenamed "Avocado" and no other details are available. It was also...

Top Stories: Apple Leaks iPhone SE and AirTags, Apple Buys Dark Sky, and More

Saturday April 4, 2020 6:00 am PDT by MacRumors Staff
With the calendar rolling over to April this week, we yet again saw several leaks and rumors, most notably including Apple itself leaking some references to a pair of long-rumored products: a new budget iPhone SE and AirTags item trackers. Subscribe to the MacRumors YouTube channel for more videos. Apple also acquired popular weather app Dark Sky, while Amazon's Prime Video app now allows...

Apple Music Was Second Biggest Global Music Streaming Service in 2019

Friday April 3, 2020 5:38 pm PDT by Juli Clover
Global online music streaming subscriptions were up 32 percent year-over-year in 2019, hitting 358 million subscribers, according to new estimates shared today by Counterpoint Research. Spotify was the market leader with a 31 percent share of total revenue and a 35 percent share of total paid subscriptions, while Apple Music earned the second place slot with a 24 percent share of total...

More References to Apple's Upcoming Low-Cost iPhone Appear Online

Monday April 6, 2020 4:38 am PDT by Tim Hardwick
Further references to Apple's upcoming low-cost iPhone have appeared online, one on a Chinese e-commerce website and another on Verizon's smartphone trade-in page. Spotted by tech blog MySmartPrice, Chinese retailer JD.com has published a placeholder for Apple's so-called "iPhone 9" that includes a teaser image of a veiled smartphone, but other than that it lacks any particularly revealing...

The New York Times, IFTTT, Medium, and Other Apps Adopt Sign in With Apple Ahead of June 30 Deadline

Sunday April 5, 2020 7:08 pm PDT by Frank McShan
Apps with sign-in functionality, including The New York Times, IFTTT, Medium, and more, have continued to adopt Apple's secure Sign in with Apple feature ahead of a deadline of June 30. The deadline for these apps to support the feature was recently extended from April 30. Sign in with Apple, first introduced in iOS 13, allows users to create accounts for apps and websites using an Apple ID. ...

Apple Offers Employees Deep Discounts on HomePod, Beats Headphones and More

Friday April 3, 2020 11:14 am PDT by Juli Clover
Apple is offering employees significant discounts on products that include the HomePod and Beats headphones, according to details on the deals shared by MacGeneration and 9to5Mac. Apple is said to be clearing stock of Beats headphones and HomePods, providing them to employees through an internal deals program. The HomePod is available at a 50 percent discount, dropping the price to $149.50,...

New Low-Cost 'iPhone SE' Could Launch as Soon as Tomorrow

Thursday April 2, 2020 4:06 pm PDT by Juli Clover
Apple's new low-cost iPhone is set to launch as early as Friday, April 3, according to a new report from 9to5Mac that cites a tip from a "highly trusted reader." The site says that while it can't be certain about the launch date, "Apple could reveal and begin taking orders for the new iPhone as soon as tomorrow." The iPhone 8 Apple is said to be planning to call the new iPhone, which is...

EPIX Available for Free Through Apple TV Channels Until May 2, No Subscription Required

Saturday April 4, 2020 9:28 am PDT by Frank McShan
EPIX is currently offering free access to its catalog of movies and TV shows through the Apple TV Channels feature in the TV app, and many additional services are also offering extended free trials. Upon navigating to the Apple TV app, users will notice that EPIX is listed under the "My Channels" section. Rather than offering an extended trial where users must first sign up, EPIX is...

iPad Launched 10 Years Ago Today, App Developer Reflects on Getting Access to a Top-Secret Prototype

Friday April 3, 2020 10:53 am PDT by Joe Rossignol
On the 10th anniversary of the iPad launching in stores, Agile Partners co-founder Jack Ivers has shared an interesting story about how his company managed to get in Apple's good graces and ultimately gain access to prototype iPads. The story begins in 2008, when Agile Partners released GuitarToolkit as one of the first iPhone apps on the App Store. The app used the iPhone's microphone to...