Updating macOS High Sierra Could Reactivate Root Password Vulnerability

Apple previously advised its customers who may be affected to set a password for the device's root user which should stop people exploiting the vulnerability. It has also now released a security update to address the issue which users should download

Apple previously advised its customers who may be affected to set a password for the device's root user which should stop people exploiting the vulnerability. It has also now released a security update to address the issue which users should download

After Reed confirmed that 10.13.1 reopened the "root" bug, he again installed Apple's security fix for the problem. The vulnerability was reported yesterday by a software developer on Twitter. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. Users who had not installed macOS 10.13.1 and thus were running a prior version of the OS when they received the security update, found that installing 10.13.1 resurfaced the bug, according to a report from Wired. A new report from Wired has revealed that users who were still on macOS High Sierra 10.13 - and installed the rushed security patch for the root exploit - saw the effects of the patch completely undone by upgrading to macOS High Sierra 10.13.1.

You'd think that would be the end of Apple's software troubles for this week, but you'd be wrong.

Recently, Mac computers were reported to be facing, what is referred to as the "root" issue bug.

This has been an incredibly awful week for Apple's operating systems.

One small bright spot may be that the vulnerability requires local access and appears hard, though not impossible, to exploit remotely. However, if your device is running the 10.13.2 beta, you will likely have to wait until the next build is released. With the bug in the operating system, any person or malicious program that tried to log into a Mac computer, or install software, or even change settings, could do that by simply entering root as username on the prompt, and they were able to bypass the prompt to gain full access to the computer.

Apple has acknowledged the problem and issued instructions to fix the problem.

"Oh my god that should not work but it does", another user responded yesterday on the forum. "Some bug in authentication is ENABLING root with no password the first time it fails!"

Apple said in its statement that its security engineers became aware of the issue Tuesday afternoon and that the company "immediately began working on an update that closes the security hole".

Apple seems to be doing badly in ensuring Macs are secure.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.