Apple today released a security fix for the macOS High Sierra users. This security update quickly fixed a vulnerability that an attacker may be able to log into an admin account using the username "root" with no password, including a blank one. 


The security update is rolling out on the Mac App Store now, it should be installed by all users running macOS High Sierra as soon as possible. Regardless, starting later today, the update will be automatically installed on all Macs running macOS High Sierra 10.13.1.

While the security vulnerability was a rather serious one, Apple has promptly responded with a fix less than 24 hours after it became public. The issue did not affect older versions of macOS, although there doesn’t appear to be a fix available for macOS 10.13.2 beta yet. The company has since apologized for the vulnerability in a statement.

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

Via MacRumors And 9to5Mac, Image Credit AppleInsider

Post a Comment

Powered by Blogger.