"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
PSA: If You Upgrade to macOS High Sierra 10.13.1, You'll Need to Reinstall Apple's Root Security Fix
Mac owners who are still running macOS High Sierra 10.13 and who have already installed Apple's root security fix on that version of the operating system will need to install it once again upon upgrading to macOS 10.13.1, reports Wired.
Security researchers running a patched version of the original macOS High Sierra update, 10.13.0, told Wired that the root bug was reintroduced upon installing the macOS 10.13.1 update. After updating, they needed to install Apple's security patch again. Even that didn't fix the issue until their machines were rebooted.
While the security update successfully fixes the issue, it appears Apple may not have releases a modified and patched version of macOS 10.13.1, so customers who installed the update on 10.13 might think they're protected upon updating to 10.13.1, but they're not. Instead, the bug is fully re-introduced.
Apple may fix this problem now that the oversight has been pointed out, but in the meantime, customers upgrading from macOS High Sierra 10.13 to 10.13.1 should make sure to download the security update a second time and restart to be certain the root vulnerability is patched.
This won't be an issue when the macOS High Sierra 10.13.2 update is released, as Apple patched the bug in the macOS High Sierra 10.13.2 beta that was released this morning.
Security researchers running a patched version of the original macOS High Sierra update, 10.13.0, told Wired that the root bug was reintroduced upon installing the macOS 10.13.1 update. After updating, they needed to install Apple's security patch again. Even that didn't fix the issue until their machines were rebooted.
Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update.The root fix, released on Wednesday for macOS High Sierra 10.13.0 and 10.13.1, addresses a serious vulnerability that was first discovered a day earlier on Tuesday. The bug enabled the root superuser on a Mac with a blank password and no security check, letting anyone bypass the security of an admin account with the username "root" and no password.
And worse, two of those Mac users say they've also tried re-installing Apple's security patch after that upgrade, only to find that the "root" problem still persists until they reboot their computer, with no warning that a reboot is necessary.
While the security update successfully fixes the issue, it appears Apple may not have releases a modified and patched version of macOS 10.13.1, so customers who installed the update on 10.13 might think they're protected upon updating to 10.13.1, but they're not. Instead, the bug is fully re-introduced.
Apple may fix this problem now that the oversight has been pointed out, but in the meantime, customers upgrading from macOS High Sierra 10.13 to 10.13.1 should make sure to download the security update a second time and restart to be certain the root vulnerability is patched.
This won't be an issue when the macOS High Sierra 10.13.2 update is released, as Apple patched the bug in the macOS High Sierra 10.13.2 beta that was released this morning.
[ 100 comments ]
Top Rated Comments
(View all)
13 months ago
how much worse can High Sierra get?
27 pages of people with this issue.https://discussions.apple.com/thread/8097885?start=0&tstart=0
I've noted it as well and it is quite serious. I setup a new Mac Pro and updated it to High Sierra. It crashed constantly. Got a replacement unit from the vendor. It came with High Sierra already installed and does the exact same thing. It seems to be exacerbated if you have numerous windows open and multiple high resolution displays.
There was a reason why Steve Jobs gave up on the yearly OS X updates. It forced shoddy releases. They need to go back to releasing OS X version when they are ready. Not to hit a yearly mark. The best OS is one you don't even notice is there.
13 months ago
For a while I have been irritated at Apple, but their incompetence has reached a point that I am beginning to be impressed.
13 months ago
It just works:
After applying patch, then a patch to fix the patch’s issues.
Then go .1, rinse and repeat
Just in case it doesnt you can run some terminal commands
Weeee
After applying patch, then a patch to fix the patch’s issues.
Then go .1, rinse and repeat
Just in case it doesnt you can run some terminal commands
Weeee
13 months ago
I don't excuse Apple for this one, but I have a hard time getting worked up over it. This bug brings the current version of MacOS (unpatched) to the level of Windows without UAC enabled, which is basically the norm. After that, I really don't intend to allow others physical access to my systems to exploit this. Seriously, we can stop the arm waving
For the typical home computer, this is not a real big concern. For computers in shared environments, or in environments where the users are given limited privileges, this is a huge problem.
13 months ago
how much worse can High Sierra get?
Oh, it can get worse.
Applying the security patches has made Safari and Spotlight completely unusable for me now. I get constant crashes, and I can't figure out how to solve this.
High Sierra is a POS.
13 months ago
What a shame. It’s like Michael Jordan Playing for the washing wizards after the bulls run. That’s where apple is. Or Kobe’s final year losing constantly. Or Mike Tyson biting ears or Michael Jackson nose changing. That’s you Apple 2017.
[ Read All Comments ]
For this week's giveaway, we've teamed up with Anki to offer MacRumors readers a chance to win one of the company's adorable little Vector robots, which designed to be a personal robot...
Last year, accessory company Elago launched the W3 Charging Stand for Apple Watch, which turned Apple's modern wearable into a classic Macintosh. This week, Elago announced the latest iteration...
Cellular network operator O2 on Friday said its data networks had been restored after millions of smartphones across the UK and Japan were taken offline yesterday (via BBC).
A statement on its...
Bang & Olufsen over the past week has added AirPlay 2 support to more of its speakers, including the BeoPlay A9 and BeoPlay M5.
BeoPlay M5 speaker in AirPlay Picker via Brad Thomas
This...
Following a demo earlier this year at WWDC, LEGO today launched the LEGO AR Playgrounds app for iPhone and iPad [Direct Link]. The app uses ARKit to place digital LEGO characters and blocks into...
Google this week announced that it is shutting down its messaging app Google Allo [iOS Direct Link], and incorporating many of its features into the Messages app on Android smartphones. Google Allo...
Best Buy today launched a new Apple savings event, marking down iPhones, MacBook Airs, MacBook Pros, iMacs, iPads, iPad Pros, and some HomeKit devices. There are numerous notable discounts in the...
ConnectSense, one of the first companies to introduce a HomeKit-enabled smart plug, today announced the launch of the Smart Outlet 2, its second-generation HomeKit product.
Like the first Smart...
