Apple has released a fix for the now-infamous root bug in macOS High Sierra.
The company released its Apple Security Update 2017-001 update on Wednesday. The update, a 2.1 megabyte download, can be located and installed via the App Store app. Open this program, click on “Updates” and the patch will appear as a security update that can be installed without needing to restart your Mac.
Apple offered the following comment regarding the fix:
When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.
The bug, which was discovered by Lemi Orhan Ergin, allows users to login as “root”, leave the password field empty and be able to login after clicking the login button several times. The root user, which is a superuser account, grants access to areas of the system that are often used by system administrators.
If you’ve tried the fix and have any feedback to offer, please let us know about your experience in the comments.
Via Macworld