PSA: If You Upgrade to macOS High Sierra 10.13.1, You'll Need to Reinstall Apple's Root Security Fix

Mac owners who are still running macOS High Sierra 10.13 and who have already installed Apple's root security fix on that version of the operating system will need to install it once again upon upgrading to macOS 10.13.1, reports Wired.

Security researchers running a patched version of the original macOS High Sierra update, 10.13.0, told Wired that the root bug was reintroduced upon installing the macOS 10.13.1 update. After updating, they needed to install Apple's security patch again. Even that didn't fix the issue until their machines were rebooted.

Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update.

And worse, two of those Mac users say they've also tried re-installing Apple's security patch after that upgrade, only to find that the "root" problem still persists until they reboot their computer, with no warning that a reboot is necessary.

The root fix, released on Wednesday for macOS High Sierra 10.13.0 and 10.13.1, addresses a serious vulnerability that was first discovered a day earlier on Tuesday. The bug enabled the root superuser on a Mac with a blank password and no security check, letting anyone bypass the security of an admin account with the username "root" and no password.

While the security update successfully fixes the issue, it appears Apple may not have released a modified and patched version of macOS 10.13.1, so customers who installed the update on 10.13 might think they're protected upon updating to 10.13.1, but they're not. Instead, the bug is fully re-introduced.

Apple may fix this problem now that the oversight has been pointed out, but in the meantime, customers upgrading from macOS High Sierra 10.13 to 10.13.1 should make sure to download the security update a second time and restart to be certain the root vulnerability is patched.

This won't be an issue when the macOS High Sierra 10.13.2 update is released, as Apple patched the bug in the macOS High Sierra 10.13.2 beta that was released this morning.

Top Rated Comments

Val-kyrie
79 months ago
I am speechless
Score: 14 Votes
velocityg4
79 months ago
how much worse can High Sierra get?
27 pages of people with this issue.
https://discussions.apple.com/thread/8097885?start=0&tstart=0

I've noted it as well and it is quite serious. I set up a new Mac Pro and updated it to High Sierra. It crashed constantly. Got a replacement unit from the vendor. It came with High Sierra already installed and does the exact same thing. It seems to be exacerbated if you have numerous windows open and multiple high resolution displays.

There was a reason why Steve Jobs gave up on the yearly OS X updates. It forced shoddy releases. They need to go back to releasing OS X versions when they are ready. Not to hit a yearly mark. The best OS is one you don't even notice is there.
Score: 13 Votes
farewelwilliams
79 months ago
how much worse can High Sierra get?
Score: 13 Votes
antiprotest
79 months ago
For a while I have been irritated at Apple, but their incompetence has reached a point that I am beginning to be impressed.
Score: 12 Votes
thadoggfather
79 months ago
It just works:

After applying patch, then a patch to fix the patch’s issues.

Then go .1, rinse and repeat

Just in case it doesn't you can run some terminal commands

Weeee
Score: 10 Votes
Krafty
79 months ago
Finally.

I am root.

Again.
Score: 7 Votes
