Apple Releases macOS High Sierra Security Fix for Root Password Flaw [u]

Apple has just released an update for the embarrassing macOS High Sierra security flaw uncovered yesterday, which would let anyone get full access to your Mac with a blank password.

Screenshot 2017 11 29 08 25 12

Go install this macOS High Sierra update now if you want to protect your Mac, especially if it’s one that’s out in the open.

What’s even scarier about this security lapse was it was also published two weeks ago in Apple’s own Developer forums (seriously, you can’t make this stuff up.), as noted on Twitter by Mike Myers (no, not that groovy dude):

Update: Here’s Apple’s statement and apology regarding this security lapse, provided to Daring Fireball:

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

Update 2: Apple has also posted a second update, on how to restore authenticating or connecting to file shares on your Mac–which breaks after installing this security update:

  1. Open the Terminal app, which is in the Utilities folder of your Applications folder.
  2. Type sudo /usr/libexec/configureLocalKDC and press Return.
  3. Enter your administrator password and press Return.
  4. Quit the Terminal app.

…refresh for updates.

P.S. - Like our news? Support the site with a coffee/beer. Or shop with our Amazon link. We use affiliate links when possible--thank you for supporting independent media.