Apple Releases macOS High Sierra Security Update to Fix Root Password Vulnerability

Apple today released Security Update 2017-001 to fix a serious vulnerability that enables access to the root superuser account with a blank password on any Mac running macOS High Sierra version 10.13.1.

rootbug
The critical bug, which gained attention after it was tweeted by developer Lemi Ergin yesterday, lets anyone gain administrator privileges by simply entering the username "root" and a blank password in System Preferences > Users & Groups.

The security update is rolling out on the Mac App Store now, and it should be installed by all users running macOS High Sierra as soon as possible. Regardless, starting later today, Apple said the security update will be automatically installed on all Macs running macOS High Sierra 10.13.1.

Apple has since apologized for the vulnerability in a statement issued to MacRumors:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

The vulnerability does not affect macOS Sierra or any other previous version of the operating system.

Related Forum: macOS High Sierra

Popular Stories

iPhone 17 Pro Lower Logo Feature 1

iPhone 17 Pro Coming Soon With These 14 New Features

Monday June 30, 2025 1:08 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are less than three months away, and there are plenty of rumors about the devices. Apple is expected to launch the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max in September this year. Below, we recap key changes rumored for the iPhone 17 Pro models:Aluminum frame: iPhone 17 Pro models are rumored to have an...
A18 Pro Chip

New MacBook With A18 Pro Chip Spotted in Apple Code

Monday June 30, 2025 8:05 am PDT by
Apple is developing a MacBook with the A18 Pro chip, according to findings in backend code uncovered by MacRumors. Earlier today, Apple analyst Ming-Chi Kuo reported that Apple is planning to launch a low-cost MacBook powered by an iPhone chip. The machine is expected to feature a 13-inch display, the A18 Pro chip, and color options that include silver, blue, pink, and yellow. MacRumors...
iPhone 17 Pro Lower Logo Magsafe

iPhone 17 Pro's New MagSafe Design Revealed in Leaked Photo

Wednesday July 2, 2025 8:37 am PDT by
The upcoming iPhone 17 Pro and iPhone 17 Pro Max are rumored to have a slightly different MagSafe magnet layout compared to existing iPhone models, and a leaked photo has offered a closer look at the supposed new design. The leaker Majin Bu today shared a photo of alleged MagSafe magnet arrays for third-party iPhone 17 Pro cases. On existing iPhone models with MagSafe, the magnets form a...
macbook air spacegray purple

Apple Planning to Launch Low-Cost MacBook Powered By iPhone Chip

Monday June 30, 2025 3:20 am PDT by
Apple is planning to launch a low-cost MacBook powered by an iPhone chip, according to Apple analyst Ming-Chi Kuo. In an article published on X, Kuo explained that the device will feature a 13-inch display and the A18 Pro chip, making it the first Mac powered by an iPhone chip. The A18 Pro chip debuted in the iPhone 16 Pro last year. To date, all Apple silicon Macs have contained M-series...
Apple Watch Ultra Night Mode Screen

Apple Watch Ultra 3 Launching Later This Year With Two Key Upgrades

Wednesday July 2, 2025 1:13 pm PDT by
The long wait for an Apple Watch Ultra 3 appears to be nearly over, and it is rumored to feature both satellite connectivity and 5G support. Apple Watch Ultra's existing Night Mode In his latest Power On newsletter, Bloomberg's Mark Gurman said that the Apple Watch Ultra 3 is on track to launch this year with "significant" new features, including satellite connectivity, which would let you...
iOS 18

Apple Releases Second iOS 18.6 Public Beta

Tuesday July 1, 2025 10:19 am PDT by
Apple today seeded the second betas of upcoming iOS 18.6 and iPadOS 18.6 updates to public beta testers, with the betas coming just a day after Apple provided the betas to developers. Apple has also released a second beta of macOS Sequoia 15.6. Testers who have signed up for beta updates through Apple's beta site can download iOS 18.6 and iPadOS 18.6 from the Settings app on a compatible...
Wi Fi WiFi General Feature

iOS 26 Adds a Useful New Wi-Fi Feature to Your iPhone

Wednesday July 2, 2025 6:36 am PDT by
iOS 26 and iPadOS 26 add a smaller yet useful Wi-Fi feature to iPhones and iPads. As spotted by Creative Strategies analyst Max Weinbach, sign-in details for captive Wi-Fi networks are now synced across iPhones and iPads running iOS 26 and iPadOS 26. For example, while Weinbach was staying at a Hilton hotel, his iPhone prompted him to fill in Wi-Fi details from his iPad that was already...
maxresdefault

Five Features Coming to AirPods Pro 3

Friday June 27, 2025 10:52 am PDT by
Apple hasn't updated the AirPods Pro since 2022, and the earbuds are due for a refresh. We're counting on a new model this year, and we've seen several hints of new AirPods tucked away in Apple's code. Rumors suggest that Apple has some exciting new features planned that will make it worthwhile to upgrade to the latest model. Subscribe to the MacRumors YouTube channel for more videos. Heal...
replay all time playlist apple music

Apple Music Debuts All-New Personalized Playlist

Monday June 30, 2025 7:16 am PDT by
As part of its 10-year celebrations of Apple Music, Apple today released an all-new personalized playlist that collates your entire listening history. The playlist, called "Replay All Time," expands on Apple Music's existing Replay features. Previously, users could only see their top songs for each individual calendar year that they've been subscribed to Apple Music, but now, Replay All...

Top Rated Comments

aforty Avatar
99 months ago
How embarrassing...

I wish Apple did a better job testing their releases. We used to enjoy such high quality when it came to software updates and releases.
Score: 42 Votes (Like | Disagree)
bwintx Avatar
99 months ago
That was quick
And it was utterly necessary that it be just that.
Score: 36 Votes (Like | Disagree)
dannyyankou Avatar
99 months ago
That was quick
Score: 34 Votes (Like | Disagree)
AbSoluTc Avatar
99 months ago
How embarrassing...

I wish Apple did a better job testing their releases. We used to enjoy such high quality when it came to software updates and releases.
You ever heard of Windows? Perhaps you should read up on that OS if you haven't.

Also, give me a break. Nobody finds everything, not even "Apple". Patched quickly and painlessly. Move along.
Score: 31 Votes (Like | Disagree)
longofest Avatar
99 months ago
You ever heard of Windows? Perhaps you should read up on that OS if you haven't.

Also, give me a break. Nobody finds everything, not even "Apple". Patched quickly and painlessly. Move along.
Three... count 'em... THREE... critical and ridiculous security issues with Mac OS High Sierra within as many months. This one, the Disk utility one, and the keychain one. And that's just the security issues...

There's no excuse for it. Saying "well, microsoft is just as bad" just means that Apple is stooping to Microsoft's level... but I'd actually venture to say that Apple is starting to get worse than Microsoft when it comes to Mac OS vs Windows.
Score: 13 Votes (Like | Disagree)
discuit Avatar
99 months ago
This is actually an argument in favor of public disclosure of vulnerabilities. Lemi Orhan Ergin was catching a lot of criticism yesterday for posting it on twitter, but if this bug had been reported privately, it would have taken much longer to fix, while malicious actors would be able to exploit it all along.
Score: 10 Votes (Like | Disagree)